openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/oc-mirror-enclave-support-about.adoc
subhtk d1dd1dbb53 Updated oc-mirror v2 docs
2025-02-20 16:47:33 +00:00

52 lines
2.6 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * installing/disconnected_install/installing-mirroring-disconnected-v2.adoc
:_mod-docs-content-type: CONCEPT
[id="oc-mirror-enclave-support-about_{context}"]
= Benefits of enclave support
Enclave support restricts internal access to a specific part of a network. Unlike a demilitarized zone (DMZ) network, which allows inbound and outbound traffic access through firewall boundaries, enclaves do not cross firewall boundaries.
The new enclave support functionality is for scenarios where mirroring is needed for multiple enclaves that are secured behind at least one intermediate disconnected network.
Enclave support has the following benefits:
* You can mirror content for multiple enclaves and centralize it in a single internal registry. Because some customers want to run security checks on the mirrored content, with this setup they can run these checks all at once. The content is then vetted before being mirrored to downstream enclaves.
* You can mirror content directly from the centralized internal registry to enclaves without restarting the mirroring process from the internet for each enclave.
* You can minimize data transfer between network stages, so to ensure that a blob or image is transferred only once from one stage to another.
[id="oc-mirror-enclave-how-to_{context}"]
== Enclave mirroring workflow
image::445_OpenShift_Enclave_support_0724.png[Enclave Support]
The previous image outlines the flow for using the oc-mirror plugin in different environments, including environments with and without an internet connection.
*Environment with Internet Connection*:
. The user executes oc-mirror plugin v2 to mirror content from an online registry to a local disk directory.
. The mirrored content is saved to the disk for transfer to offline environments.
*Disconnected Enterprise Environment (No Internet)*:
* Flow 1:
** The user runs oc-mirror plugin v2 to load the mirrored content from the disk directory, which was transferred from the online environment, into the `enterprise-registry.in` registry.
* Flow 2:
.. After updating the `registries.conf` file, the user executes the oc-mirror plugin v2 to mirror content from the `enterprise-registry.in` registry to an enclave environment.
.. The content is saved to a disk directory for transfer to the enclave.
*Enclave Environment (No Internet)*:
* The user runs oc-mirror plugin v2 to load content from the disk directory into the `enclave-registry.in` registry.
The image visually represents the data flow across these environments and emphasizes the use of oc-mirror to handle disconnected and enclave environments without an internet connection.
View Git Blame Copy Permalink