[enterprise-4.3] Disconnected round two, with file system #23615
@jianlinliu, since https://bugzilla.redhat.com/show_bug.cgi?id=1806782 has merged, do you have any objections to adding this doc to 4.3? (@wking, FYI)
---- | ||
$ oc image mirror -a ${LOCAL_SECRET_JSON} --from-dir=${REMOVABLE_MEDIA_PATH}/mirror 'file://openshift/release:${OCP_RELEASE}*' ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} | ||
---- | ||
** If the local container registry and the cluster are connected to the mirror host, directly push the release images to the local registry and apply the ConfigMap to the cluster by using following command: |
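Review bot: In the `oc image mirror` command, the source argument `'file://openshift/release:${OCP_RELEASE}*'` is single-quoted, so the shell does not expand `${OCP_RELEASE}` and `oc` receives the literal text. Double quotes would still keep the trailing `*` from being globbed while letting the variable expand. The sentence after the command should also read "by using the following command".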
I do not think 4.3 supports this feature, especially `--apply-release-image-signature`.
I'm removing this option and rewording the other one a bit.
$ echo -n '<user_name>:<password>' | base64 -w0 <1> | ||
|
||
BGVtbYk3ZHAtqXs= | ||
$ oc registry login --to ./pull-secret.json --registry "<registry_host_and_port>" |
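Review bot: The `echo -n '<user_name>:<password>' | base64 -w0` step has the reader type the registry password inline, which leaves it in shell history, and base64 is an encoding rather than protection, so the output string and `./pull-secret.json` are as sensitive as the password itself. Suggest adding a sentence that says so and tells the reader to restrict read access to the pull secret file, since it is written to the current directory.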
need --auth-basic=xxx:yyy
per https://bugzilla.redhat.com/show_bug.cgi?id=1806779
$ oc adm release mirror -a ${LOCAL_SECRET_JSON} --to-dir=${REMOVABLE_MEDIA_PATH}/mirror quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --dry-run | ||
---- | ||
. Mirror the version images to the internal container registry: | ||
.. If your mirror host does not have internet access, connect the removable media to a system that is connected to the internet. |
On the other hand, here we removed the "If the local container registry and the cluster are connected to the mirror host, directly push the release images to the local registry" scenario, right? I think this scenario is still valid, it just does not support the `--apply-release-image-signature` option. That means the user can run `oc adm release mirror -a ${LOCAL_SECRET_JSON} --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}`, and then needs to create an image signature ConfigMap manually.
This perfectly aligns with what Lala was saying about the disconnected update scenario for 4.3. I think that it will be easier to capture this change in a PR to backport the disconnected update method for 4.3. I'm removing this file from the PR. Are these changes to just the install method ok to merge?
@jianlinliu, since #24971 is going to address the ConfigMap, is this PR ready to merge?
Yes.
4.3 contains changes that simplify working with credentials and true disconnected. Updating the docs (draft) to capture the differences and deemphasize the custom bastion, and encourage using your own. More details about what is required from a mirror registry. Try to split out the bits of steps for disconnected and connected mirroring. There are connected mirror use cases.
From #17896
Hold for https://bugzilla.redhat.com/show_bug.cgi?id=1806782 to merge.