diff --git a/_topic_map.yml b/_topic_map.yml index bf04d5f727..ee01c70e8c 100644 --- a/_topic_map.yml +++ b/_topic_map.yml @@ -643,6 +643,9 @@ Topics: - Name: Configuring the Samples Operator File: configuring-samples-operator Distros: openshift-enterprise,openshift-origin +- Name: Using the Samples Operator with an alternate registry + File: samples-operator-alt-registry + Distros: openshift-enterprise,openshift-origin - Name: Understanding containers, images, and imagestreams File: images-understand - Name: Creating images diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc index fd229983a3..34141482ff 100644 --- a/modules/cli-installing-cli.adoc +++ b/modules/cli-installing-cli.adoc @@ -20,6 +20,7 @@ // * installing/install_config/installing-restricted-networks-preparations.adoc // * installing/installing_vsphere/installing-vsphere.adoc // * installing/installing_ibm_z/installing-ibm-z.adoc +// * openshift_images/samples-operator-alt-registry.adoc // // AMQ docs link to this; do not change anchor diff --git a/modules/installation-adding-registry-pull-secret.adoc b/modules/installation-adding-registry-pull-secret.adoc index 72bd6e8ec6..9ff8270902 100644 --- a/modules/installation-adding-registry-pull-secret.adoc +++ b/modules/installation-adding-registry-pull-secret.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * TBD +// * openshift_images/samples-operator-alt-registry.adoc [id="installation-adding-registry-pull-secret_{context}"] = Adding the registry to your pull secret diff --git a/modules/installation-creating-mirror-registry.adoc b/modules/installation-creating-mirror-registry.adoc index 7497b6f7ab..05f1028c00 100644 --- a/modules/installation-creating-mirror-registry.adoc +++ b/modules/installation-creating-mirror-registry.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/install_config/installing-restricted-networks-preparations.adoc +// * openshift_images/samples-operator-alt-registry.adoc ifeval::["{context}" == "installing-restricted-networks-preparations"] :restricted: diff --git a/modules/installation-local-registry-pull-secret.adoc b/modules/installation-local-registry-pull-secret.adoc index e0ca83a04d..837d20c25e 100644 --- a/modules/installation-local-registry-pull-secret.adoc +++ b/modules/installation-local-registry-pull-secret.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/install_config/installing-restricted-networks-preparations.adoc +// * openshift_images/samples-operator-alt-registry.adoc [id="installation-local-registry-pull-secret_{context}"] = Creating a pull secret for your mirror registry diff --git a/modules/installation-mirror-repository.adoc b/modules/installation-mirror-repository.adoc index e67b773690..91c348a32c 100644 --- a/modules/installation-mirror-repository.adoc +++ b/modules/installation-mirror-repository.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/install_config/installing-restricted-networks-preparations.adoc +// * openshift_images/samples-operator-alt-registry.adoc [id="installation-mirror-repository_{context}"] = Mirroring the {product-title} image repository diff --git a/modules/installation-restricted-network-samples.adoc b/modules/installation-restricted-network-samples.adoc index e2b6a76930..a4e87d6e1d 100644 --- a/modules/installation-restricted-network-samples.adoc +++ b/modules/installation-restricted-network-samples.adoc @@ -1,17 +1,33 @@ // Module included in the following assemblies: // // * installing/install_config/installing-restricted-networks-preparations.adoc +// * openshift_images/samples-operator-alt-registry.adoc + +ifeval::["{context}" == "installing-restricted-networks-preparations"] +:restrictednetwork: +endif::[] + +ifeval::["{context}" == "samples-operator-alt-registry"] +:samplesoperatoraltreg: +endif::[] [id="installation-restricted-network-samples_{context}"] -= Using sample imagestreams in a restricted network installation += Using Samples Operator imagestreams with alternate or mirrored registries Most imagestreams in the OpenShift namespace managed by the Samples Operator -point to images located in the Red Hat registry at link:registry.redhat.io[registry.redhat.io]. Mirroring +point to images located in the Red Hat registry at link:registry.redhat.io[registry.redhat.io]. +ifdef::restrictednetwork[] +Mirroring will not apply to these imagestreams. - +endif::[] The `jenkins`, `jenkins-agent-maven`, and `jenkins-agent-nodejs` imagestreams -come from the install payload and are managed by the Samples Operator, so no -further mirroring procedures are needed for those imagestreams. +come from the install payload and are managed by the Samples +ifdef::restrictednetwork[] +Operator, so no further mirroring procedures are needed for those imagestreams. +endif::[] +ifdef::samplesoperatoraltreg[] +Operator. +endif::[] [NOTE] ==== @@ -26,23 +42,32 @@ not addressed in this procedure. .Procedure -. Mirror images from link:registry.redhat.io[registry.redhat.io] associated with any imagestreams you need -in the restricted network environment into one of the defined mirrors: +. Access the images of a specific imagestream to mirror, for example: + ---- -$ oc image mirror myregistry.com/myimage:latest myregistry.com/myimage:stable +$ oc get is -n openshift -o json | jq .spec.tags[].from.name | grep registry.redhat.io +---- ++ +. Mirror images from link:registry.redhat.io[registry.redhat.io] associated with any imagestreams you need +ifdef::restrictednetwork[] +in the restricted network environment into one of the defined mirrors, for example: +endif::[] +ifdef::configsamplesoperator[] +into your defined preferred registry, for example: +endif::[] ++ +---- +$ oc image mirror registry.redhat.io/rhscl/ruby-25-rhel7:latest ${MIRROR_ADDR}/rhscl/ruby-25-rhel7:latest ---- + . Add the required trusted CAs for the mirror in the cluster’s image configuration object: + ---- -$ oc create configmap registry-config --from-file=$path/ca.crt -n openshift-config +$ oc create configmap registry-config --from-file={MIRROR_ADDR}=$path/ca.crt -n openshift-config $ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge ---- + -//(meaning https://github.com/openshift/api/blob/master/config/v1/types_image.go#L46 … add ref to associated doc) -+ . Update the `samplesRegistry` field in the Samples Operator configuration object to contain the `hostname` portion of the mirror location defined in the mirror configuration: @@ -72,3 +97,11 @@ Many of the templates in the OpenShift namespace reference the imagestreams. So using `Removed` to purge both the imagestreams and templates will eliminate the possibility of attempts to use them if they are not functional because of any missing imagestreams. + +ifeval::["{context}" == "installing-restricted-networks-preparations"] +:!restrictednetwork: +endif::[] + +ifeval::["{context}" == "samples-operator-alt-registry"] +:!samplesoperatoraltreg: +endif::[] diff --git a/openshift_images/samples-operator-alt-registry.adoc b/openshift_images/samples-operator-alt-registry.adoc new file mode 100644 index 0000000000..f95430858c --- /dev/null +++ b/openshift_images/samples-operator-alt-registry.adoc @@ -0,0 +1,31 @@ +[id="samples-operator-alt-registry"] += Using the Samples Operator with an alternate registry +include::modules/common-attributes.adoc[] +:context: samples-operator-alt-registry +toc::[] + +You can use the Samples Operator with an alternate registry by first creating a mirror registry. + +[IMPORTANT] +==== +You must have access to the internet to obtain the necessary container images. In this procedure, you place the mirror registry on a mirror host that has access to both your network and the internet. +==== + +include::modules/installation-about-mirror-registry.adoc[leveloffset=+1] + +[id="samples-preparing-bastion"] +=== Preparing the mirror host + +Before you create the mirror registry, you must prepare the mirror host. + +include::modules/cli-installing-cli.adoc[leveloffset=+2] + +include::modules/installation-creating-mirror-registry.adoc[leveloffset=+1] + +//include::modules/installation-local-registry-pull-secret.adoc[leveloffset=+1] + +include::modules/installation-adding-registry-pull-secret.adoc[leveloffset=+1] + +include::modules/installation-mirror-repository.adoc[leveloffset=+1] + +include::modules/installation-restricted-network-samples.adoc[leveloffset=+1]