[enterprise-4.3] Disconnected round two, with file system #23615
Conversation
openshift-ci-robot
added
the
size/L
|
@jianlinliu, since https://bugzilla.redhat.com/show_bug.cgi?id=1806782 has merged, do you have any objections to adding this doc to 4.3? (@wking, FYI) |
| ---- | ||
| $ oc image mirror -a ${LOCAL_SECRET_JSON} --from-dir=${REMOVABLE_MEDIA_PATH}/mirror 'file://openshift/release:${OCP_RELEASE}*' ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} | ||
| ---- | ||
| ** If the local container registry and the cluster are connected to the mirror host, directly push the release images to the local registry and apply the ConfigMap to the cluster by using following command: |
There was a problem hiding this comment.
I do not think 4.3 support this feature, especially --apply-release-image-signature
There was a problem hiding this comment.
I'm removing this option and rewording the other one a bit.
| $ echo -n '<user_name>:<password>' | base64 -w0 <1> | ||
|
|
||
| BGVtbYk3ZHAtqXs= | ||
| $ oc registry login --to ./pull-secret.json --registry "<registry_host_and_port>" |
There was a problem hiding this comment.
need --auth-basic=xxx:yyy per https://bugzilla.redhat.com/show_bug.cgi?id=1806779
| $ oc adm release mirror -a ${LOCAL_SECRET_JSON} --to-dir=${REMOVABLE_MEDIA_PATH}/mirror quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --dry-run | ||
| ---- | ||
| . Mirror the version images to the internal container registry: | ||
| .. If your mirror host does not have internet access, connect the removable media to a system that is connected to the internet. |
There was a problem hiding this comment.
On the other hand, here we removed If the local container registry and the cluster are connected to the mirror host, directly push the release images to the local registry scenario, right? I think this scenario is still valid, just not support --apply-release-image-signature option, that means user can run oc adm release mirror -a ${LOCAL_SECRET_JSON} --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}, then need to create an image signature ConfigMap manually.
There was a problem hiding this comment.
This perfectly aligns with what Lala was saying about the disconnected update scenario for 4.3. I think that it will be easier to capture this change in a PR to backport the disconnected update method for 4.3. I'm removing this file from the PR. Are these changes to just the install method ok to merge?
There was a problem hiding this comment.
@jianlinliu, since #24971 is going to address the ConfigMap, is this PR ready to merge?
4.3 contains changes that simplify working with credentials and true disconnected. Updating the docs (draft) to capture the differences and deemphasize the custom bastion, and encourage using your own. More details about what is required from a mirror registry. Try to split out the bits of steps for disconnected and connected mirroring. There are connected mirror use cases.
From #17896
Hold for https://bugzilla.redhat.com/show_bug.cgi?id=1806782 to merge.