disconnected environments #2189

Closed
sspeiche opened this issue Sep 26, 2019 · 11 comments
Labels
area/disconnected-cluster Issues or PRs related to disconnected clusters or clusters with restricted network access kind/epic An issue categorized as a high-level Epic. Needs to be scoped and broken down in 1+ stories/tasks priority/High Important issue; should be worked on before any other issues (except priority/Critical issue(s)).
@sspeiche
Contributor

[kind/Enhancement]

Many customers work offline, either due to airgapped work environments or from areas with little or no connectivity. There needs to be a way for these users to easily use odo and the hot reload feature using the odo-init-image. If this image is held in only an internet accessible way, this will greatly limit the users.

@sspeiche sspeiche added the kind/epic An issue categorized as a high-level Epic. Needs to be scoped and broken down in 1+ stories/tasks label Sep 26, 2019
@sspeiche sspeiche added this to the backlog milestone Sep 26, 2019
@amitkrout amitkrout added this to For consideration in Sprint 174 via automation Oct 24, 2019
@amitkrout amitkrout moved this from For consideration to To do in Sprint 174 Oct 24, 2019
@amitkrout amitkrout added the priority/High Important issue; should be worked on before any other issues (except priority/Critical issue(s)). label Oct 24, 2019
@amitkrout
Contributor

/assign @amitkrout

@amitkrout
Contributor

amitkrout commented Oct 24, 2019

AFAIU odo ideally should work in a disconnected env. You just need to push odo-init-image to the disconnected env registry and set ODO_BOOTSTRAPPER_IMAGE to access the odo-init-image registry from the cluster.

For example:

  1. odo-init-image is pushed into registry.internal/odo/odo-init-image:0.13.1
  2. export ODO_BOOTSTRAPPER_IMAGE=registry.internal/odo/odo-init-image:0.13.1
  3. odo component create ...
  4. odo push, and it should work only if the component doesn't require access to the outside internet, like npm or maven repositories.

To make this work, it will need additional setup such as mirroring. For example, for a nodejs component, the env var NPM_MIRROR can be set as an alternate npm registry, which can be achieved through odo config set --env NPM_MIRROR=npmMirrorRegistry or odo component create nodejs --env NPM_MIRROR=npmMirrorRegistry.

Till now I have not verified these steps. I am working to verify these steps. cc @kadel

@cdrage cdrage moved this from To do to In progress in Sprint 174 Oct 31, 2019
@girishramnani girishramnani removed this from In progress in Sprint 174 Nov 6, 2019
@girishramnani girishramnani added this to For consideration in Sprint 175 via automation Nov 6, 2019
@girishramnani girishramnani moved this from For consideration to In progress in Sprint 175 Nov 6, 2019
@amitkrout
Contributor

I am able to push registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:1.0.0 to the openshift registry of a disconnected cluster, however I am facing an issue while creating the component. For example:

$ odo create nodejs:8 nodejs --project test123 --context /home/amit/go/src/github.com/openshift/odo/tests/examples/source/nodejs/
 ✗  unable to find tag 8 for image nodejs

Please look into the issue #2333 for details. cc @kadel

@kadel kadel removed this from In progress in Sprint 175 Nov 25, 2019
@kadel kadel added this to For consideration in Sprint 176 via automation Nov 25, 2019
@kadel kadel moved this from For consideration to In progress in Sprint 176 Nov 25, 2019
@mohammedzee1000
Contributor

So t

AFAIU odo ideally should work in a disconnected env. You just need to push odo-init-image to the disconnected env registry and set ODO_BOOTSTRAPPER_IMAGE to access the odo-init-image registry from the cluster.

For example:

  1. odo-init-image is pushed into registry.internal/odo/odo-init-image:0.13.1
  2. export ODO_BOOTSTRAPPER_IMAGE=registry.internal/odo/odo-init-image:0.13.1
  3. odo component create ...
  4. odo push, and it should work only if the component doesn't require access to the outside internet, like npm or maven repositories.
  1. odo binaries need to be delivered in-cluster
    Discussion about this is already in progress to have a unified way of doing this for the whole of devtools

To make this work, it will need additional setup such as mirroring. For example, for a nodejs component, the env var NPM_MIRROR can be set as an alternate npm registry, which can be achieved through odo config set --env NPM_MIRROR=npmMirrorRegistry or odo component create nodejs --env NPM_MIRROR=npmMirrorRegistry.

Till now I have not verified these steps. I am working to verify these steps. cc @kadel

@wzheng1

wzheng1 commented Dec 6, 2019

@amitkrout the error you met about "unable to find tag 8 for image nodejs" is due to the nodejs imagestream not being imported by default in a disconnected cluster; you can run $ oc describe is nodejs -n openshift to check.

@amitkrout
Contributor

amitkrout commented Dec 18, 2019

@pmacko1 @kadel
Running an odo use case in a disconnected openshift cluster environment comprises two steps. First, push the init image to the cluster private registry or default internal registry and overwrite the init image path using the env variable ODO_BOOTSTRAPPER_IMAGE for odo cli use.

How to upload the init image and export it through env ODO_BOOTSTRAPPER_IMAGE

Method 1 (For a cluster having a mirror registry) :

Step 1: Use base64 -w0 to encode your mirror registry's root ca content

$ echo <ContentOf_additional_ca> | base64 -d > disconnect-ca.crt

Step 2: Copy the disconnect-ca.crt file

$ sudo cp ./disconnect-ca.crt /etc/pki/ca-trust/source/anchors/<mirror-registry>.crt

Step 3: Execute the command to trust the ca in your client platform and log in to the openshift mirror registry

$ sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart docker && docker login <mirror-registry>:5000 -u <username> -p <password>

Step 4: Mirror the odo init image

$ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7@sha256:f5050000db4040b0c2fe2cc7ce344f74a5596935297efda27f1c76d0ca1d036c <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7

NOTE: oc image mirror does not recognize tags, so add the sha256 sum instead.

Step 5: Overwrite init image using environment var ODO_BOOTSTRAPPER_IMAGE

$ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7@sha256:be0a08671b1ca2589dd0a54f05c4e2bb4589eadd27aba0c27dee088c2eb55fa1

Method 2 (If your cluster allows images to push in the internal cluster registry):

Step 1. Enable default route

$ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry

Step 2. Get wildcard route ca

$ oc get secret router-certs-default -n openshift-ingress -o yaml
apiVersion: v1
data:
  tls.crt: **************************
  tls.key: ##################
kind: Secret
metadata:
  [...]
type: kubernetes.io/tls

$ echo <tls.crt> | base64 -d > ca.crt

Step 3: Trust ca in your client platform

$ sudo cp ca.crt  /etc/pki/ca-trust/source/anchors/externalroute.crt && sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart docker

Step 4: Log in to the internal registry

$ oc get route -n openshift-image-registry
NAME            HOST/PORT                                                                               PATH   SERVICES         PORT    TERMINATION   WILDCARD
default-route   default-route-openshift-image-registry.apps.airgap43-amit.qe.devcluster.openshift.com          image-registry   <all>   reencrypt     None
$ docker login default-route-openshift-image-registry.apps.airgap43-amit.qe.devcluster.openshift.com -u kubeadmin -p $(oc whoami -t)

Step 5: Push the init image

$ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:1.0.1

$ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:1.0.1 default-route-openshift-image-registry.apps.airgap43-amit.qe.devcluster.openshift.com/openshiftdo/odo-init-image-rhel7:1.0.1

$ docker push default-route-openshift-image-registry.apps.airgap43-amit.qe.devcluster.openshift.com/openshiftdo/odo-init-image-rhel7:1.0.1

Step 6: Overwrite init image using environment var ODO_BOOTSTRAPPER_IMAGE

$ export ODO_BOOTSTRAPPER_IMAGE=default-route-openshift-image-registry.apps.airgap43-amit.qe.devcluster.openshift.com/openshiftdo/odo-init-image-rhel7:1.0.1

Secondly, create a component and push

Nodejs - #2478 (comment)
Java - #2514 (comment)

NOTE - Don't use the init image push steps again; you have already done it
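
A preflight check for the reference exported in the steps above, as an added example that is not part of the original comment or of odo: it verifies that ODO_BOOTSTRAPPER_IMAGE points at the internal registry and is pinned by a sha256 digest rather than a mutable tag. The function name, the host mirror.example.internal:5000 and the sample digests are constructed for illustration; the optional third argument assumes the mirrored copy keeps the source manifest digest.

```bash
#!/usr/bin/env bash
# Added example (not odo code): preflight check for ODO_BOOTSTRAPPER_IMAGE.
# Usage: check_init_image <image-ref> <allowed-registry> [expected-digest]
# Returns 0 = ok, 1 = wrong registry, 2 = not digest-pinned, 3 = digest mismatch.

# Constructed sample digests (64 hex characters each), not real image digests.
SAMPLE_DIGEST_A="sha256:$(printf '%064d' 0 | tr 0 a)"
SAMPLE_DIGEST_B="sha256:$(printf '%064d' 0 | tr 0 b)"
# Hypothetical internal registry and repository used in the demo call below.
SAMPLE_MIRROR="mirror.example.internal:5000"
SAMPLE_REPO="openshiftdo/odo-init-image-rhel7"

check_init_image() {
    local ref allowed expected registry digest
    ref="$1"; allowed="$2"; expected="${3:-}"

    # The registry is everything before the first "/" (host[:port]).
    registry="${ref%%/*}"
    if [ "$registry" = "$ref" ] || [ "$registry" != "$allowed" ]; then
        echo "FAIL: registry '$registry' is not the allowed mirror '$allowed'"
        return 1
    fi

    # A pinned reference ends in @sha256:<64 lowercase hex characters>.
    case "$ref" in
        *@sha256:*) digest="${ref##*@}" ;;
        *) echo "FAIL: '$ref' uses a mutable tag, not a digest"; return 2 ;;
    esac
    if ! printf '%s' "$digest" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "FAIL: malformed digest '$digest'"
        return 2
    fi

    # Optional: compare against the digest that was passed to the mirror step.
    if [ -n "$expected" ] && [ "$digest" != "$expected" ]; then
        echo "FAIL: digest differs from the one that was mirrored"
        return 3
    fi
    echo "OK: $ref"
    return 0
}

# Demo on constructed input: a digest-pinned reference on the internal mirror.
check_init_image "$SAMPLE_MIRROR/$SAMPLE_REPO@$SAMPLE_DIGEST_A" \
    "$SAMPLE_MIRROR" "$SAMPLE_DIGEST_A"
```

Run it against the real value with `check_init_image "$ODO_BOOTSTRAPPER_IMAGE" <mirror-registry>:5000` before `odo push`.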

@kadel
Member

kadel commented Dec 18, 2019

@kadel kadel removed this from In progress in Sprint 177 Dec 18, 2019
@girishramnani girishramnani added the area/disconnected-cluster Issues or PRs related to disconnected clusters or clusters with restricted network access label Dec 18, 2019
@amitkrout amitkrout modified the milestones: 1.1, 1.2 Jan 21, 2020
@amitkrout
Contributor

@kadel As per the cabal discussion I am updating the milestone to 1.2 cc @mohammedzee1000

@amitkrout
Contributor

amitkrout commented Jan 23, 2020

@kadel As per the cabal discussion I am updating the milestone to 1.2 cc @mohammedzee1000

This is only a doc change which can be done through an async doc update with ocp 4.3, so moving the milestone back to 1.1 cc @pmacko1

@amitkrout amitkrout modified the milestones: 1.2, 1.1 Jan 23, 2020
@kadel kadel added this to For consideration in Sprint 179 via automation Jan 28, 2020
@kadel kadel moved this from For consideration to To do in Sprint 179 Jan 28, 2020
@kadel kadel removed this from To do in Sprint 179 Jan 29, 2020
@amitkrout
Contributor

/close
Doc merged in upstream - openshift/openshift-docs#20227

@openshift-ci-robot
Collaborator

@amitkrout: Closing this issue.

In response to this:

/close
Doc merged in upstream - openshift/openshift-docs#20227

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
