openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-07 00:48:01 +01:00
Code Issues Releases Activity
Files
b861fb8d1fe02da170cbb977e5f74d9d1d76384c
openshift-docs/modules/oc-mirror-oci-format.adoc
Kathryn Alexander 90d985a0bb [enterprise-4.14] changing content type attribute
2023-10-30 10:13:25 -04:00

104 lines
4.8 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * installing/disconnected_install/installing-mirroring-disconnected.adoc
// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
:_mod-docs-content-type: PROCEDURE
[id="oc-mirror-oci-format_{context}"]
= Including local OCI Operator catalogs
While mirroring {product-title} releases, Operator catalogs, and additional images from a registry to a partially disconnected cluster, you can include Operator catalog images from a local file-based catalog on disk. The local catalog must be in the Open Container Initiative (OCI) format.
The local catalog and its contents are mirrored to your target mirror registry based on the filtering information in the image set configuration file.
[IMPORTANT]
====
When mirroring local OCI catalogs, any {product-title} releases or additional images that you want to mirror along with the local OCI-formatted catalog must be pulled from a registry.
You cannot mirror OCI catalogs along with an oc-mirror image set file on disk.
====
One example use case for using the OCI feature is if you have a CI/CD system building an OCI catalog to a location on disk, and you want to mirror that OCI catalog along with an {product-title} release to your mirror registry.
[NOTE]
====
If you used the Technology Preview OCI local catalogs feature for the oc-mirror plugin for {product-title} 4.12, you can no longer use the OCI local catalogs feature of the oc-mirror plugin to copy a catalog locally and convert it to OCI format as a first step to mirroring to a fully disconnected cluster.
====
.Prerequisites
* You have access to the internet to obtain the necessary container images.
* You have installed the OpenShift CLI (`oc`).
* You have installed the `oc-mirror` CLI plugin.
.Procedure
. Create the image set configuration file and adjust the settings as necessary.
+
The following example image set configuration mirrors an OCI catalog on disk along with an {product-title} release and a UBI image from `registry.redhat.io`.
+
[source,yaml,subs="attributes+"]
----
kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig:
local:
path: /home/user/metadata <1>
mirror:
platform:
channels:
- name: stable-{product-version} <2>
type: ocp
graph: false
operators:
- catalog: oci:///home/user/oc-mirror/my-oci-catalog <3>
targetCatalog: my-namespace/redhat-operator-index <4>
packages:
- name: aws-load-balancer-operator
- catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version} <5>
packages:
- name: rhacs-operator
additionalImages:
- name: registry.redhat.io/ubi9/ubi:latest <6>
----
<1> Set the back-end location to save the image set metadata to. This location can be a registry or local directory. It is required to specify `storageConfig` values.
<2> Optionally, include an {product-title} release to mirror from `registry.redhat.io`.
<3> Specify the absolute path to the location of the OCI catalog on disk. The path must start with `oci://` when using the OCI feature.
<4> Optionally, specify an alternative namespace and name to mirror the catalog as.
<5> Optionally, specify additional Operator catalogs to pull from a registry.
<6> Optionally, specify additional images to pull from a registry.
. Run the `oc mirror` command to mirror the OCI catalog to a target mirror registry:
+
[source,terminal]
----
$ oc mirror --config=./imageset-config.yaml \ <1>
docker://registry.example:5000 <2>
----
<1> Pass in the image set configuration file. This procedure assumes that it is named `imageset-config.yaml`.
<2> Specify the registry to mirror the content to. The registry must start with `docker://`. If you specify a top-level namespace for the mirror registry, you must also use this same namespace on subsequent executions.
+
Optionally, you can specify other flags to adjust the behavior of the OCI feature:
+
`--oci-insecure-signature-policy`:: Do not push signatures to the target mirror registry.
+
`--oci-registries-config`:: Specify the path to a TOML-formatted `registries.conf` file. You can use this to mirror from a different registry, such as a pre-production location for testing, without having to change the image set configuration file. This flag only affects local OCI catalogs, not any other mirrored content.
+
.Example registries.conf file
[source,toml]
----
[[registry]]
location = "registry.redhat.io:5000"
insecure = false
blocked = false
mirror-by-digest-only = true
prefix = ""
[[registry.mirror]]
location = "preprod-registry.example.com"
insecure = false
----
.Next steps
* Configure your cluster to use the resources generated by oc-mirror.
View Git Blame Copy Permalink