#648 Uae idmp instead of ImageContentSourcePolicy
1 parent
b2f77fa
commit 03e9d1f
Showing
6 changed files
with
161 additions
and
1 deletion.
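--- a/automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/tasks/create-idms-alt.yml
+++ b/automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/tasks/create-idms-alt.yml
@@ -0,0 +1,13 @@
+---
+- name: Create ImageDigestMirrorSet for alternative registries into {{ status_dir }}/openshift/cloud-pak-idms.yaml
+template:
+src: cloud-pak-idms-alt.j2
+dest: "{{ status_dir }}/openshift/cloud-pak-idms.yaml"
+
+- name: Create ImageDigestMirrorSet {{ icsp_name }}
+shell: |
+oc apply -f {{ status_dir }}/openshift/cloud-pak-idms.yaml
+- name: Delete ImageContentSourcePolicy {{ icsp_name }} if still existing
+shell: |
+oc delete imagecontentsourcepolicies.operator.openshift.io {{ icsp_name }} --ignore-not-found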
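Review bot: The second task's label interpolates `{{ icsp_name }}` although the object it applies is an ImageDigestMirrorSet rendered from cloud-pak-idms-alt.j2, which takes its name from `idms_name`; the label should read `- name: Create ImageDigestMirrorSet {{ idms_name }}`, as the equivalent task in create-idms.yml does. Both variables currently hold `cloud-pak-mirror`, so the log line only becomes wrong once they diverge. Neither `oc` task uses pipes or redirects, so `command:` instead of `shell: |` would keep the templated `{{ status_dir }}` path and `{{ icsp_name }}` away from shell parsing.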
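--- a/automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/tasks/create-idms.yml
+++ b/automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/tasks/create-idms.yml
@@ -0,0 +1,80 @@
+---
+- name: Create ImageDigestMirrorSet for private registry
+template:
+src: cloud-pak-idms.j2
+dest: "{{ status_dir }}/openshift/cloud-pak-idms.yaml"
+
+- name: Create ImageDigestMirrorSet {{ idms_name }}
+shell: |
+oc apply -f {{ status_dir }}/openshift/cloud-pak-idms.yaml
+- name: Delete ImageContentSourcePolicy {{ icsp_name }} if still existing
+shell: |
+oc delete imagecontentsourcepolicies.operator.openshift.io {{ icsp_name }} --ignore-not-found
+# Handle insecure registry
+- name: Patch OpenShift image object if insecure registry was specified
+block:
+- name: Check if insecureRegistries already in image specification
+shell: |
+oc get image.config.openshift.io/cluster -o json | jq -r '.spec.registrySources // ""'
+register: _insecure_registries
+- name: Add insecureRegistries specification
+shell: |
+oc patch image.config.openshift.io/cluster --type=merge --patch '{"spec": {"registrySources": {"insecureRegistries": []}}}'
+when: not "insecureRegistries" in _insecure_registries.stdout
+
+- name: Check if {{ private_registry_url }} already in insecure registries
+shell: |
+oc get image.config.openshift.io/cluster -o json | jq -r '.spec.registrySources.insecureRegistries // ""'
+register: _private_registry_entries
+
+- name: Add insecure registry entry
+shell: |
+oc patch image.config.openshift.io/cluster --type=json \
+--patch '[{"op": "add", "path": "/spec/registrySources/insecureRegistries/-", "value": "{{ private_registry_url }}" }]'
+when: not private_registry_url in _private_registry_entries.stdout
+when: (current_image_registry.registry_insecure | default(False) | bool)
+
+# Handle registry with CA bundle
+- name: Patch OpenShift image object if trusted CA secret was specified
+block:
+- name: Get trusted CA secret from vault
+include_role:
+name: vault-get-secret
+vars:
+secret_name: "{{ current_image_registry.registry_trusted_ca_secret }}"
+secret_group: "{{ environment_name }}"
+
+- set_fact:
+_registry_trusted_ca_secret: "{{ secret_value }}"
+
+- name: Fail if secret {{ current_image_registry.registry_trusted_ca_secret }} was not found in the vault
+fail:
+msg: Secret "{{ current_image_registry.registry_trusted_ca_secret }}" was not found in the vault
+when: _registry_trusted_ca_secret == ""
+
+- name: Check if additionalTrustedCA already in image specification
+shell: |
+oc get image.config.openshift.io/cluster -o json | jq -r '.spec.additionalTrustedCA.name // ""'
+register: _additional_trusted_ca_name_output
+- set_fact:
+_additional_trusted_ca_name: "{{ _additional_trusted_ca_name_output.stdout }}"
+- set_fact:
+_additional_trusted_ca_name: "{{ current_image_registry.registry_trusted_ca_secret }}"
+when: _additional_trusted_ca_name == ""
+
+- name: Create ConfigMap for additional trusted CA if non-existing
+shell: |
+oc create cm -n openshift-config {{ _additional_trusted_ca_name }}
+failed_when: False
+- name: Set data for registry hostname {{ current_image_registry.registry_host_name }}
+shell: |
+oc set data cm/{{ _additional_trusted_ca_name }} -n openshift-config \
+"{{ private_registry_url | replace(':', '..') }}"="{{ _registry_trusted_ca_secret }}"
+- name: Set additionalTrustedCA specification
+shell: |
+oc patch image.config.openshift.io/cluster --type=merge \
+--patch '{"spec": {"additionalTrustedCA": {"name": "{{ _additional_trusted_ca_name }}"}}}'
+when: current_image_registry.registry_trusted_ca_secret | default("") != ""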
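Review bot: The task "Set data for registry hostname" templates the vault value `_registry_trusted_ca_secret` straight into a double-quoted shell argument, so any `"`, `$` or backtick in the stored value is interpreted by the shell, and the whole value ends up in the task's command line and result output. Writing the bundle to a file and handing it to `oc set data` with `--from-file` keeps the content out of the shell, as sketched below; the file name is illustrative. Separately, `failed_when: False` on the `oc create cm` task hides every failure rather than only "already exists", so a permissions or connectivity error surfaces one task later with a less useful message. The guard `when: not private_registry_url in _private_registry_entries.stdout` is a substring test on jq output, so a registry URL that is a prefix of an existing entry would be treated as already present and never added.

```yaml
# … unchanged: vault lookup, additionalTrustedCA name resolution, ConfigMap creation …
- name: Write trusted CA bundle for {{ current_image_registry.registry_host_name }}
  copy:
    content: "{{ _registry_trusted_ca_secret }}"
    # illustrative file name under the existing status directory
    dest: "{{ status_dir }}/openshift/registry-trusted-ca.pem"
    mode: "0600"
- name: Set data for registry hostname {{ current_image_registry.registry_host_name }}
  shell: |
    oc set data cm/{{ _additional_trusted_ca_name }} -n openshift-config \
      --from-file="{{ private_registry_url | replace(':', '..') }}"="{{ status_dir }}/openshift/registry-trusted-ca.pem"
# … unchanged: additionalTrustedCA patch …
```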
18 changes: 18 additions & 0 deletions
18
automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/tasks/main.yml
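--- a/automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/templates/cloud-pak-idms-alt.j2
+++ b/automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/templates/cloud-pak-idms-alt.j2
@@ -0,0 +1,14 @@
+apiVersion: config.openshift.io/v1
+kind: ImageDigestMirrorSet
+metadata:
+name: {{ idms_name }}
+spec:
+imageDigestMirrors:
+{% for registry_mirror in all_config.cp_alt_repo.registry_mirrors %}
+- source: {{ registry_mirror.source}}
+mirrors:
+{% for mirror in registry_mirror.mirrors %}
+- {{ mirror }}
+{% endfor %}
+mirrorSourcePolicy: AllowContactingSource
+{% endfor %}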
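Review bot: `{{ registry_mirror.source}}`, `{{ mirror }}` and `{{ idms_name }}` are rendered into the manifest as plain YAML scalars, so a configured value containing `: `, ` #` or a leading indicator character changes how the document parses before `oc apply` ever validates it. Quoting the substitutions keeps each value a string, e.g. `- source: "{{ registry_mirror.source }}"` and `- "{{ mirror }}"`. The same applies to `name: {{ idms_name }}` and the `{{ private_registry_url_namespace }}/…` mirror entries in cloud-pak-idms.j2.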
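--- a/automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/templates/cloud-pak-idms.j2
+++ b/automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/templates/cloud-pak-idms.j2
@@ -0,0 +1,34 @@
+apiVersion: config.openshift.io/v1
+kind: ImageDigestMirrorSet
+metadata:
+name: {{ idms_name }}
+spec:
+imageDigestMirrors:
+- mirrors:
+- {{ private_registry_url_namespace }}/cp
+source: cp.icr.io/cp
+mirrorSourcePolicy: AllowContactingSource
+- mirrors:
+- {{ private_registry_url_namespace }}/cp/cpd
+source: cp.icr.io/cp/cpd
+mirrorSourcePolicy: AllowContactingSource
+- mirrors:
+- {{ private_registry_url_namespace }}/cpopen
+source: icr.io/cpopen
+mirrorSourcePolicy: AllowContactingSource
+- mirrors:
+- {{ private_registry_url_namespace }}/db2u
+source: icr.io/db2u
+mirrorSourcePolicy: AllowContactingSource
+- mirrors:
+- {{ private_registry_url_namespace }}/cpopen/cpfs
+source: icr.io/cpopen/cpfs
+mirrorSourcePolicy: AllowContactingSource
+- mirrors:
+- {{ private_registry_url_namespace }}/opencloudio
+source: quay.io/opencloudio
+mirrorSourcePolicy: AllowContactingSource
+- mirrors:
+- {{ private_registry_url_namespace }}/ibmcom
+source: docker.io/ibmcom
+mirrorSourcePolicy: AllowContactingSource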
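Review bot: Every entry hard-codes `mirrorSourcePolicy: AllowContactingSource`, which lets nodes fall back to the original registry (cp.icr.io, icr.io, quay.io, docker.io) whenever the private mirror cannot serve the image, and nothing in the template says that fallback is intended. Where all pulls are meant to go through the private registry the field also accepts `NeverContactSource`, so consider exposing it with the current value as default, e.g. `mirrorSourcePolicy: {{ idms_mirror_source_policy | default('AllowContactingSource') }}` (variable name illustrative). cloud-pak-idms-alt.j2 sets the same fixed value. The seven entries differ only in the repository path and could be generated from a list with a `{% for %}` loop, as the alternative-registry template already does.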
3 changes: 2 additions & 1 deletion
3
automation-roles/50-install-cloud-pak/cpfs/cp-ocp-icsp/vars/main.yml
@@ -1,2 +1,3 @@ | ||
--- | ||
icsp_name: cloud-pak-mirror | ||
icsp_name: cloud-pak-mirror | ||
idms_name: cloud-pak-mirror |