openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 15:46:57 +01:00
Code Issues Releases Activity
Files
649f9b9e12e35ce1a1e9679faa34e51367dd94de
openshift-docs/modules/installation-restricted-network-samples.adoc
Felipe Martin 5b8fdd07ad Replace oc get with oc edit
2020-09-21 20:09:47 +00:00

131 lines
4.5 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// Module included in the following assemblies:
//
// * installing/install_config/installing-restricted-networks-preparations.adoc
// * openshift_images/samples-operator-alt-registry.adoc
ifeval::["{context}" == "installing-restricted-networks-preparations"]
:restrictednetwork:
endif::[]
ifeval::["{context}" == "samples-operator-alt-registry"]
:samplesoperatoraltreg:
endif::[]
[id="installation-restricted-network-samples_{context}"]
= Using Samples Operator imagestreams with alternate or mirrored registries
Most imagestreams in the OpenShift namespace managed by the Samples Operator
point to images located in the Red Hat registry at link:https://registry.redhat.io[registry.redhat.io].
ifdef::restrictednetwork[]
Mirroring
will not apply to these imagestreams.
endif::[]
[IMPORTANT]
====
The `jenkins`, `jenkins-agent-maven`, and `jenkins-agent-nodejs` imagestreams
come from the install payload and are managed by the Samples
ifdef::restrictednetwork[]
Operator, so no further mirroring procedures are needed for those imagestreams.
endif::[]
ifdef::samplesoperatoraltreg[]
Operator.
endif::[]
Setting the `samplesRegistry` field in the Sample Operator configuration file to link:https://registry.redhat.io[registry.redhat.io] is redundant because it is already directed to link:https://registry.redhat.io[registry.redhat.io] for everything but Jenkins images and imagestreams. It also breaks the installation payload for Jenkins imagestreams.
The Samples Operator prevents the use of the following registries for the Jenkins imagestreams:
* link:https://docker.io[docker.io]
* link:https://registry.redhat.io[registry.redhat.io]
* link:https://registry.access.redhat.com[registry.access.redhat.com]
* link:https://quay.io[quay.io].
====
[NOTE]
====
The `cli`, `installer`, `must-gather`, and `tests` imagestreams, while
part of the install payload, are not managed by the Samples Operator. These are
not addressed in this procedure.
====
.Prerequisites
* Access to the cluster as a user with the `cluster-admin` role.
* Create a pull secret for your mirror registry.
.Procedure
. Access the images of a specific imagestream to mirror, for example:
+
[source,terminal]
----
$ oc get is <imagestream> -n openshift -o json | jq .spec.tags[].from.name | grep registry.redhat.io
----
+
. Mirror images from link:https://registry.redhat.io[registry.redhat.io] associated with any imagestreams you need
ifdef::restrictednetwork[]
in the restricted network environment into one of the defined mirrors, for example:
endif::[]
ifdef::configsamplesoperator[]
into your defined preferred registry, for example:
endif::[]
+
[source,terminal]
----
$ oc image mirror registry.redhat.io/rhscl/ruby-25-rhel7:latest ${MIRROR_ADDR}/rhscl/ruby-25-rhel7:latest
----
. Create the clusters image configuration object:
+
[source,terminal]
----
$ oc create configmap registry-config --from-file=${MIRROR_ADDR_HOSTNAME}..5000=$path/ca.crt -n openshift-config
----
. Add the required trusted CAs for the mirror in the clusters image
configuration object:
+
[source,terminal]
----
$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge
----
. Update the `samplesRegistry` field in the Samples Operator configuration object
to contain the `hostname` portion of the mirror location defined in the mirror
configuration:
+
[source,terminal]
----
$ oc edit configs.samples.operator.openshift.io -n openshift-cluster-samples-operator
----
+
[NOTE]
====
This is required because the imagestream import process does not use the mirror or search mechanism at this time.
====
+
. Add any imagestreams that are not mirrored into the `skippedImagestreams` field
of the Samples Operator configuration object. Or if you do not want to support
any of the sample imagestreams, set the Samples Operator to `Removed` in the
Samples Operator configuration object.
+
[NOTE]
====
Any unmirrored imagestreams that are not skipped, or if the Samples Operator is
not changed to `Removed`, will result in the Samples Operator reporting a
`Degraded` status two hours after the imagestream imports start failing.
====
+
Many of the templates in the OpenShift namespace
reference the imagestreams. So using `Removed` to purge both the imagestreams
and templates will eliminate the possibility of attempts to use them if they
are not functional because of any missing imagestreams.
ifeval::["{context}" == "installing-restricted-networks-preparations"]
:!restrictednetwork:
endif::[]
ifeval::["{context}" == "samples-operator-alt-registry"]
:!samplesoperatoraltreg:
endif::[]
View Git Blame Copy Permalink