Skip to content

Instantly share code, notes, and snippets.

@cdoan1

cdoan1/00_setup_local_mirror_registry.sh

Last active October 7, 2021 17:35
Show Gist options
  • Save cdoan1/6ec6a5b3f57764caeb22e015a109e4b7 to your computer and use it in GitHub Desktop.
Save cdoan1/6ec6a5b3f57764caeb22e015a109e4b7 to your computer and use it in GitHub Desktop.
Download ZIP
disconnected downstream
Raw
00_setup_local_mirror_registry.sh
#!/bin/bash
#
# Reference: https://www.openshift.com/blog/openshift-4-2-disconnected-install
#
HOSTNAME=`hostname`
USERNAME=admin
PASSWORD=password
yum -y install podman httpd httpd-tools
mkdir -p $(pwd)/registry/{auth,certs,data}
sudo openssl genrsa -out $(pwd)/registry/certs/domain.key 4096
sudo openssl req -x509 -key $(pwd)/registry/certs/domain.key \
-out $(pwd)/registry/certs/domain.crt \
-days 365 \
-subj "/C=US/ST=NC/L=Raleigh/O=Test Company/OU=Testing/CN=$HOSTNAME"
htpasswd -bBc $(pwd)/registry/auth/htpasswd $USERNAME $PASSWORD
cp $(pwd)/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
podman run -d --net host --name poc-registry -p 5000:5000 \
-v $(pwd)/registry/data:/var/lib/registry:z \
-v $(pwd)/registry/auth:/auth:z \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry" \
-e "REGISTRY_HTTP_SECRET=ALongRandomSecretForRegistry" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v $(pwd)/registry/certs:/certs:z \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
docker.io/registry:latest
Raw
01_generate_oc_image_mirror_cmd.sh
#!/bin/bash
#
# given an ACM PRE-GA image manifests json file
# generate the `oc image mirror list of commands
#
MANIFEST_FILE=${MANIFEST_FILE:-2.1.0-DOWNSTREAM-2020-09-27-13-15-20.json}
SCRIPT_NAME=image_mirror_command.sh
cat > $SCRIPT_NAME <<EOF
#!/bin/bash
AUTHFILE=pull-secret.json
DEST=ip-172-31-6-109.us-west-1.compute.internal:5000/rhacm2
# include the SHA referenced operator bundle image and custom registry
oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/acm-operator-bundle@sha256:4ac24debb3d09c8ba9442f0d0bdaf9832482138f80b9de03615195b12707925b $DEST/acm-operator-bundle:v2.1.0-48
oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/acm-custom-registry:2.1.0-DOWNSTREAM-2020-09-27-13-15-00 $DEST/acm-custom-registry:2.1.0-DOWNSTREAM-2020-09-27-13-15-00
EOF
jq -r '.[] | "oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/" + ."image-name" + "@" + ."image-digest" + " " + "$DEST/" + ."image-name" + ":" + ."image-tag"' $MANIFEST_FILE >> $SCRIPT_NAME
chmod 755 $SCRIPT_NAME
Raw
02_verify_oc_image_mirror.sh
#!/bin/bash
#
# given an ACM PRE-GA image manifests json file
# generate the a list of `podman pull image` to verify that digests are appropriate
#
MANIFEST_FILE=${MANIFEST_FILE:2.1.0-DOWNSTREAM-2020-09-27-13-15-20.json}
cat > verify_oc_image_mirror.sh <<EOF
#!/bin/bash
AUTHFILE=authfile.json
DEST=f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest
EOF
jq -r '.[] | "podman pull --authfile=$AUTHFILE $DEST/" + ."image-name" + "@" + ."image-digest"' $MANIFEST_FILE >> verify_oc_image_mirror.sh
chmod 755 verify_oc_image_mirror.sh
Raw
2.1.0-DOWNSTREAM-2020-09-27-13-15-20.json
[
{
"image-key": "application_ui",
"image-name": "application-ui-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-30",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d583bc58a98d00c625f246e61065f168ab34456858265e9a02a84f481d9fbfbc"
},
{
"image-key": "cert_manager_acmesolver",
"image-name": "acmesolver-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:f63cb6505650b462ddd1d35de6bc6ac2e8a2347cef61d2be905ad2448fb26863"
},
{
"image-key": "cert_manager_cainjector",
"image-name": "cainjector-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:e33a09e879188598b3378cef98e54ea7ef9b51bf48628e9ddf27f1472ba679ea"
},
{
"image-key": "cert_manager_controller",
"image-name": "cert-manager-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:3f39a8bb63d97e12a1f0a70785c7177e9d6080912ab8ecaf1873a6d138c47985"
},
{
"image-key": "cert_manager_webhook",
"image-name": "cert-manager-webhook-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:66fea59e8a258bb0c06883bc422d96213de7c210e3534309bb836497fa592725"
},
{
"image-key": "cert_policy_controller",
"image-name": "cert-policy-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:137983f78d988b85ad1afbee26da05690bfdc020363e69f60da28ef429ee4b3b"
},
{
"image-key": "config_policy_controller",
"image-name": "config-policy-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-11",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d2b34536d70249fc5851bdb467fab2093c4c7291d3c2afe4702035acdce876fa"
},
{
"image-key": "configmap_watcher",
"image-name": "configmap-watcher-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:09df637bd8259a5be505f9a2d6528f509fd59a4182c94ab77d58908d89295efd"
},
{
"image-key": "console_api",
"image-name": "console-api-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-17",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:0eae50e03d6e27022512440f16fc41fc26eae9561f4d28ca4e061f15b63ee559"
},
{
"image-key": "console_header",
"image-name": "console-header-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-14",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:8b5ffbbe4727cdf302e099af90db6b171fc69b9c6a14d3e6bf09d055309fef68"
},
{
"image-key": "console_ui",
"image-name": "console-ui-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-25",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:b9ac7ce29b91ac106c19370586382d1f8211c8de9e2d85c108eaad61ce3ba231"
},
{
"image-key": "endpoint_component_operator",
"image-name": "endpoint-component-rhel8-operator",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-12",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:ed8d2c763de655dfdf44e230ff1981a1f6eb94f83dd3273490deb5907b61d4a9"
},
{
"image-key": "endpoint_monitoring_operator",
"image-name": "endpoint-monitoring-operator-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-15",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:fda22e264fe67d39ec2a37c326f8d1020e2a90a3a975b625113f0c202a8ba274"
},
{
"image-key": "governance_policy_propagator",
"image-name": "governance-policy-propagator-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-5",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:bfd69d2272a56feafcc62a9e9518b50337c46382e5d4781d8837bb4bcdf6ab36"
},
{
"image-key": "governance_policy_spec_sync",
"image-name": "governance-policy-spec-sync-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:a2213974c1b8ebc315fd331f5f0bb7f2e533f4534c627c7ead7ee0d34d8d895b"
},
{
"image-key": "governance_policy_status_sync",
"image-name": "governance-policy-status-sync-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:5e3c89535a51627acc38d3211f6d7bcb523a423d7d0196a62c767531ea2b7244"
},
{
"image-key": "governance_policy_template_sync",
"image-name": "governance-policy-template-sync-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-5",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:3944ddfb9130dcedafe207f2e1b7ffcfd34061133567a859e8cd6ad1a92fa11c"
},
{
"image-key": "grc_ui",
"image-name": "grc-ui-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-26",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:0d4e7d7c85ca8236baee4148ae03d4d9e6a1571b79680eeab0446a273693d514"
},
{
"image-key": "grc_ui_api",
"image-name": "grc-ui-api-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-16",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:b725087ae9a749ee4662f19d5448129e6c86edd5e7b61b15507085435406979a"
},
{
"image-key": "iam_policy_controller",
"image-name": "iam-policy-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-6",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:5041efd0759611d2eb820e7800ac5f195a8a83380d3323bd1e92368f2f471b92"
},
{
"image-key": "klusterlet_addon_lease_controller",
"image-name": "klusterlet-addon-lease-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-4",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:769dbc40a9c4f5b15aa433a3dd777a7d5e5b8380c2194499277b2ac267d217b3"
},
{
"image-key": "kui_web_terminal",
"image-name": "kui-web-terminal-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:bffa581211101ceecbbf6c77a5093b7aa72bdb8ac350f13cae493a30dc06c06b"
},
{
"image-key": "management_ingress",
"image-name": "management-ingress-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-8",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:18b6cd5d9cc21a74bdf51c4c1abab704a819d166b3e80b244aef6f555785e66e"
},
{
"image-key": "mcm_topology",
"image-name": "mcm-topology-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-11",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:ca94c2f78366eb0a5a3aea5b99711d61c9f5ed48b3bc4701103f93e92373019c"
},
{
"image-key": "mcm_topology_api",
"image-name": "mcm-topology-api-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-9",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:9cde204a6f7c83bf028ef31f71cbc4e0e59ee331d6c64281a41383b0a2d87c8b"
},
{
"image-key": "memcached",
"image-name": "memcached-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-1",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:ab2e86197bc8382746cd05da2e0020c66c37c69f02968437fb4461c499357e64"
},
{
"image-key": "memcached_exporter",
"image-name": "memcached-exporter-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-2",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:31bdc1f01b955f8dc4d18bc53ce71f2f88421bf6457990df8cd31f67963e1cf6"
},
{
"image-key": "metrics_collector",
"image-name": "metrics-collector-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:c96dabb1255dc9d3122dd0fcdc4352cd46acc953d72c8f861e9cfefa32d8d8cc"
},
{
"image-key": "multicloud_manager",
"image-name": "multicloud-manager-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-11",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:9e20fe059e69308e79e7f4bea3c4df294543fef187e60057d853a9fe40a22947"
},
{
"image-key": "multicluster_observability_operator",
"image-name": "multicluster-observability-operator-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-18",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:399f1db11d1009a6e590682c5ac762bcd4fb8b9a1e8293247b9714aa05f1e0a6"
},
{
"image-key": "multicluster_operators_application",
"image-name": "multicluster-operators-application-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-3",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:a779949fa41844cbe527f708215ce92bdd2fee3d0f2994801e032895243cf711"
},
{
"image-key": "multicluster_operators_channel",
"image-name": "multicluster-operators-channel-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-6",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:19338b6df9e0b7da21e796ef66ff0eb8b8360f72dc281611bb3704bc6d11a1f4"
},
{
"image-key": "multicluster_operators_deployable",
"image-name": "multicluster-operators-deployable-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-4",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d132670e3027dd9ad1735cfe438232b345066fe6be20f6946dc8e6e1297f39ce"
},
{
"image-key": "multicluster_operators_placementrule",
"image-name": "multicluster-operators-placementrule-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:e94547cd51cfe9eac2952ef750f7b05e9f6ef2c168c06ac095b78646811ec478"
},
{
"image-key": "multicluster_operators_subscription",
"image-name": "multicluster-operators-subscription-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-13",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:fc9467d39c8b105b5c6b5d30af9fa1ac6f2b3e262ea3d65b48a094b578b9b2f3"
},
{
"image-key": "multicluster_operators_subscription_release",
"image-name": "multicluster-operators-subscription-release-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:460ef88bb980f584e087ad59e7bb884be5d64256f12535f792a700b7514c5a90"
},
{
"image-key": "multiclusterhub_repo",
"image-name": "multiclusterhub-repo-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-19",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:c2348000a2b5cdea46decdbc9a5b08ce190341b9daabb2dbce6151f3a61303ff"
},
{
"image-key": "observatorium",
"image-name": "observatorium-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-8",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:a2c862a8207f178829162e6e62d31fd0138b0d82f0bbdf53bbfa6677c4ef776c"
},
{
"image-key": "observatorium_operator",
"image-name": "observatorium-operator-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-4",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:5b130dcc128fa60f05c521c6c23c608e42734811b5cb1e0665e7a5ff43c80c45"
},
{
"image-key": "openshift_hive",
"image-name": "openshift-hive-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:e546bbf710969123a6df78de2571a205bec64f4cce2143e86d4e5767238a0f15"
},
{
"image-key": "rbac_query_proxy",
"image-name": "rbac-query-proxy-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-6",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:69f71b1327c31045b8640d1556fbc1780d0381c52ac72fa0ff848af850fb3c22"
},
{
"image-key": "rcm_controller",
"image-name": "rcm-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:b10d260da52b16946e1e9b409e5867051129e82fb836a99c959313470be97cf3"
},
{
"image-key": "redisgraph_tls",
"image-name": "redisgraph-tls-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-5",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:5ad6eb7f0b7679a86502bb8c16603f09a9135412c80af28328e68001177b7589"
},
{
"image-key": "registration",
"image-name": "registration-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-15",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:c61871b9bdc50c106e9b4306119379a493f75516335d68550a0a7fe9b7aef7f3"
},
{
"image-key": "registration_operator",
"image-name": "registration-rhel8-operator",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-9",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:f68d38166dad54c8e1b4dcd2dc61650ae23d1ae5c82e136d467c997257e1a5a7"
},
{
"image-key": "search_aggregator",
"image-name": "search-aggregator-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-9",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:31891ebb7c203df74f0abec3e86bfea8759d709282b204bf087952092d1ffe5b"
},
{
"image-key": "search_api",
"image-name": "search-api-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-12",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:0b0be362f878176d32f2486ac38048cbec668e5314162d215072b948bbfa9ca0"
},
{
"image-key": "search_collector",
"image-name": "search-collector-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-17",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:6cfdbda8d8e67c33f1b366e4dfd9ea7aaa9995b6b0fd31466a2bb99377a3815b"
},
{
"image-key": "search_operator",
"image-name": "search-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-3",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:4a06fcd25a3e5564fb7aec1bc967e9f627632108ffc0da5ba34b36fa489c243d"
},
{
"image-key": "thanos",
"image-name": "thanos-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-4",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:e6803bcccc4c8e3ed0fca6f48be7b3d9f5ab672b46e96aeccdec9b31c947af0f"
},
{
"image-key": "thanos_receive_controller",
"image-name": "thanos-receive-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-3",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:572d4336d4fea9aeed2fc36610622562d76d3525a583ebe8d019720e7315d6cf"
},
{
"image-key": "work",
"image-name": "work-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-14",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d86cf321bf80b952cf456dac0f9ee4410473378f1750365c7659c0631445e064"
},
{
"image-key": "acm_must_gather",
"image-name": "acm-must-gather-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d9c7da10a6cbcdf5f149021e60dd177cdfce2a5fbe906f8586a897d51e1a8d6c"
},
{
"image-key": "endpoint_operator",
"image-name": "endpoint-rhel8-operator",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-41",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:6ac803a000dd9caa1afcf31c0379d1e7db3f65d05483546ca1dd6df56b02c5b8"
},
{
"image-key": "multiclusterhub_operator",
"image-name": "multiclusterhub-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-41",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:f563b37d92867324e7c5496b788a52640cc41f6db5fd2cbbf4f75c4cea7c0d74"
},
{
"image-key": "grafana",
"image-name": "ose-grafana",
"image-version": "v4.5.0",
"image-tag": "v4.5.0-202009041228.p0",
"image-remote": "registry.redhat.io/openshift4",
"image-digest": "sha256:a507dd30c77e8bdc93b124e75aa6f0e2d5ab5f01652ef255d6de3f40bedaa9ea"
},
{
"image-key": "oauth_proxy",
"image-name": "ose-oauth-proxy",
"image-version": "v4.4.0",
"image-tag": "v4.4.0-202009041255.p0",
"image-remote": "registry.redhat.io/openshift4",
"image-digest": "sha256:a6c9f9d3514873b9e3a00d194472ad3ae5326cbad20e67a6bdf7e5a97ff79982"
},
{
"image-key": "prometheus-alertmanager",
"image-name": "ose-prometheus-alertmanager",
"image-version": "v4.5.0",
"image-tag": "v4.5.0-202009041228.p0",
"image-remote": "registry.redhat.io/openshift4",
"image-digest": "sha256:7a1bea7f5a5b8e3efd5098b050122e992bd036d0f3b9c3e99488c19fa5c7eca7"
},
{
"image-key": "prometheus-config-reloader",
"image-name": "ose-configmap-reloader",
"image-version": "v4.5.0",
"image-tag": "v4.5.0-202009041228.p0",
"image-remote": "registry.redhat.io/openshift4",
"image-digest": "sha256:81b4b75f12474c640793e14fb17d539b3351aefec020df276bcaabcf56800e96"
}
]
Raw
mirror_icsp.yaml
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
name: rhacm-repo
spec:
repositoryDigestMirrors:
- mirrors:
- f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest
source: quay.io/acm-d
- mirrors:
- f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest
source: registry.redhat.io/rhacm2
- mirrors:
- registry.redhat.io/openshift4/ose-oauth-proxy
source: registry.access.redhat.com/openshift4/ose-oauth-proxy
@cdoan1
Copy link
Author

cdoan1 commented Oct 6, 2020
edited
Loading

HTTP PROXY

  • When importing or creating a managed clusters in disconnected, by default the images are referenced to the registry that was used to deploy ACM on the hub.
  • If the target managed cluster does not have access to the mirror registry, accessing the images through an available http proxy would be an alternative. https://docs.openshift.com/container-platform/4.2/networking/enable-cluster-wide-proxy.html
  • The klusterletaddonconfigs.agent.open-cluster-management.io resource on the hub has override parameter to change the imageRegistry path for addon components. But this does not cover the klusterlet images.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: klusterlet
  name: klusterlet
  namespace: open-cluster-management-agent
spec:
  replicas: 1
  selector:
    matchLabels:
      app: klusterlet
  template:
    metadata:
      labels:
        app: klusterlet
    spec:
      containers:
      - args:
        - /registration-operator
        - klusterlet
        image: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/registration-rhel8-operator@sha256:f68d38166dad54c8e1b4dcd2dc61650ae23d1ae5c82e136d467c997257e1a5a7
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8443
            scheme: HTTPS
          initialDelaySeconds: 2
          periodSeconds: 10
        name: klusterlet
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8443
            scheme: HTTPS
          initialDelaySeconds: 2
      serviceAccountName: klusterlet

---
apiVersion: operator.open-cluster-management.io/v1
kind: Klusterlet
metadata:
  name: klusterlet
spec:
  clusterName: singapore
  imagePullSecret: open-cluster-management-image-pull-credentials
  namespace: open-cluster-management-agent
  registrationImagePullSpec: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/registration-rhel8@sha256:c61871b9bdc50c106e9b4306119379a493f75516335d68550a0a7fe9b7aef7f3
  workImagePullSpec: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/work-rhel8@sha256:d86cf321bf80b952cf456dac0f9ee4410473378f1750365c7659c0631445e064

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment