openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 06:46:26 +01:00
Code Issues Releases Activity
Files
eb21424e97d48118fd1ff8c8b4dff94de2dd3b1c
openshift-docs/modules/installation-restricted-network-samples.adoc

131 lines
4.5 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// Module included in the following assemblies:
//
// * installing/install_config/installing-restricted-networks-preparations.adoc
// * openshift_images/samples-operator-alt-registry.adoc
ifeval::["{context}" == "installing-restricted-networks-preparations"]
:restrictednetwork:
endif::[]
ifeval::["{context}" == "samples-operator-alt-registry"]
:samplesoperatoraltreg:
endif::[]
[id="installation-restricted-network-samples_{context}"]
= Using Cluster Samples Operator imagestreams with alternate or mirrored registries
Most imagestreams in the `openshift` namespace managed by the Cluster Samples Operator
point to images located in the Red Hat registry at link:https://registry.redhat.io[registry.redhat.io].
ifdef::restrictednetwork[]
Mirroring
will not apply to these imagestreams.
endif::[]
[IMPORTANT]
====
The `jenkins`, `jenkins-agent-maven`, and `jenkins-agent-nodejs` imagestreams
come from the install payload and are managed by the Samples
ifdef::restrictednetwork[]
Operator, so no further mirroring procedures are needed for those imagestreams.
endif::[]
ifdef::samplesoperatoraltreg[]
Operator.
endif::[]
Setting the `samplesRegistry` field in the Sample Operator configuration file to link:https://registry.redhat.io[registry.redhat.io] is redundant because it is already directed to link:https://registry.redhat.io[registry.redhat.io] for everything but Jenkins images and imagestreams.
////
The Cluster Samples Operator prevents the use of the following registries for the Jenkins imagestreams:
* link:https://docker.io[docker.io]
* link:https://registry.redhat.io[registry.redhat.io]
* link:https://registry.access.redhat.com[registry.access.redhat.com]
* link:https://quay.io[quay.io].
////
====
[NOTE]
====
The `cli`, `installer`, `must-gather`, and `tests` imagestreams, while
part of the install payload, are not managed by the Cluster Samples Operator. These are
not addressed in this procedure.
====
.Prerequisites
* Access to the cluster as a user with the `cluster-admin` role.
* Create a pull secret for your mirror registry.
.Procedure
. Access the images of a specific imagestream to mirror, for example:
+
[source,terminal]
----
$ oc get is <imagestream> -n openshift -o json | jq .spec.tags[].from.name | grep registry.redhat.io
----
+
. Mirror images from link:https://registry.redhat.io[registry.redhat.io] associated with any imagestreams you need
ifdef::restrictednetwork[]
in the restricted network environment into one of the defined mirrors, for example:
endif::[]
ifdef::configsamplesoperator[]
into your defined preferred registry, for example:
endif::[]
+
[source,terminal]
----
$ oc image mirror registry.redhat.io/rhscl/ruby-25-rhel7:latest ${MIRROR_ADDR}/rhscl/ruby-25-rhel7:latest
----
. Create the clusters image configuration object:
+
[source,terminal]
----
$ oc create configmap registry-config --from-file=${MIRROR_ADDR_HOSTNAME}..5000=$path/ca.crt -n openshift-config
----
. Add the required trusted CAs for the mirror in the clusters image
configuration object:
+
[source,terminal]
----
$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge
----
. Update the `samplesRegistry` field in the Cluster Samples Operator configuration object
to contain the `hostname` portion of the mirror location defined in the mirror
configuration:
+
[source,terminal]
----
$ oc edit configs.samples.operator.openshift.io -n openshift-cluster-samples-operator
----
+
[NOTE]
====
This is required because the imagestream import process does not use the mirror or search mechanism at this time.
====
+
. Add any imagestreams that are not mirrored into the `skippedImagestreams` field
of the Cluster Samples Operator configuration object. Or if you do not want to support
any of the sample imagestreams, set the Cluster Samples Operator to `Removed` in the
Cluster Samples Operator configuration object.
+
[NOTE]
====
The Cluster Samples Operator issues alerts if imagestream imports are failing but the Cluster Samples Operator is either periodically retrying or does not appear to be retrying them.
====
+
Many of the templates in the `openshift` namespace
reference the imagestreams. So using `Removed` to purge both the imagestreams
and templates will eliminate the possibility of attempts to use them if they
are not functional because of any missing imagestreams.
ifeval::["{context}" == "installing-restricted-networks-preparations"]
:!restrictednetwork:
endif::[]
ifeval::["{context}" == "samples-operator-alt-registry"]
:!samplesoperatoraltreg:
endif::[]
View Git Blame Copy Permalink