From ee05d1ce7091d857a512048da875691b8d5337da Mon Sep 17 00:00:00 2001 From: Ashleigh Brennan Date: Fri, 26 Jul 2024 13:31:01 -0500 Subject: [PATCH] Move scattered postinstall content to image config section --- _topic_maps/_topic_map.yml | 2 + modules/images-configuration-cas.adoc | 1 - modules/images-configuration-file.adoc | 1 - modules/images-configuration-parameters.adoc | 1 - ...iguration-registry-mirror-configuring.adoc | 3 +- ...configuration-registry-mirror-convert.adoc | 5 +- .../images-configuration-registry-mirror.adoc | 3 +- modules/images-update-global-pull-secret.adoc | 1 - .../cluster-tasks.adoc | 346 ------------------ .../post-install-image-config.adoc | 26 ++ .../preparing-for-users.adoc | 25 +- 11 files changed, 34 insertions(+), 380 deletions(-) create mode 100644 post_installation_configuration/post-install-image-config.adoc diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 504daeaeebe3..ed716fdbe6e7 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -583,6 +583,8 @@ Topics: File: node-tasks - Name: Postinstallation network configuration File: post-install-network-configuration +- Name: Configuring image streams and image registries + File: post-install-image-config - Name: Storage configuration File: post-install-storage-configuration - Name: Preparing for users diff --git a/modules/images-configuration-cas.adoc b/modules/images-configuration-cas.adoc index 63c4b7b35472..25067e2bdf36 100644 --- a/modules/images-configuration-cas.adoc +++ b/modules/images-configuration-cas.adoc @@ -2,7 +2,6 @@ // // * registry/configuring-registry-operator.adoc // * openshift_images/image-configuration.adoc -// * post_installation_configuration/preparing-for-users.adoc :_mod-docs-content-type: PROCEDURE [id="images-configuration-cas_{context}"] diff --git a/modules/images-configuration-file.adoc b/modules/images-configuration-file.adoc index dfdfcc58b80a..867035457112 100644 --- a/modules/images-configuration-file.adoc +++ b/modules/images-configuration-file.adoc @@ -1,7 +1,6 @@ // Module included in the following assemblies: // // * openshift_images/image-configuration.adoc -// * post_installation_configuration/preparing-for-users.adoc :_mod-docs-content-type: PROCEDURE [id="images-configuration-file_{context}"] diff --git a/modules/images-configuration-parameters.adoc b/modules/images-configuration-parameters.adoc index d0354231367c..c1adae16f445 100644 --- a/modules/images-configuration-parameters.adoc +++ b/modules/images-configuration-parameters.adoc @@ -1,7 +1,6 @@ // Module included in the following assemblies: // // * openshift_images/image-configuration.adoc -// * post_installation_configuration/preparing-for-users.adoc [id="images-configuration-parameters_{context}"] = Image controller configuration parameters diff --git a/modules/images-configuration-registry-mirror-configuring.adoc b/modules/images-configuration-registry-mirror-configuring.adoc index cf577ef7bffa..4c80f03d9c50 100644 --- a/modules/images-configuration-registry-mirror-configuring.adoc +++ b/modules/images-configuration-registry-mirror-configuring.adoc @@ -1,7 +1,6 @@ // Module included in the following assemblies: // // * openshift_images/image-configuration.adoc -// * post_installation_configuration/preparing-for-users.adoc // * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc :_mod-docs-content-type: PROCEDURE @@ -94,7 +93,7 @@ spec: <9> Optional: Indicates a registry, which allows you to use any image in that registry. If you specify a registry name, the object is applied to all repositories from a source registry to a mirror registry. <10> Pulls the image `registry.example.com/example/myimage@sha256:...` from the mirror `mirror.example.net/image@sha256:..`. <11> Pulls the image `registry.example.com/example/image@sha256:...` in the source registry namespace from the mirror `mirror.example.net/image@sha256:...`. -<12> Pulls the image `registry.example.com/myimage@sha256` from the mirror registry `example.net/registry-example-com/myimage@sha256:...`. +<12> Pulls the image `registry.example.com/myimage@sha256` from the mirror registry `example.net/registry-example-com/myimage@sha256:...`. * Create an `ImageContentSourcePolicy` custom resource, replacing the source and mirrors with your own registry and repository pairs and images: + diff --git a/modules/images-configuration-registry-mirror-convert.adoc b/modules/images-configuration-registry-mirror-convert.adoc index d137f60ef016..b96a4056801a 100644 --- a/modules/images-configuration-registry-mirror-convert.adoc +++ b/modules/images-configuration-registry-mirror-convert.adoc @@ -1,7 +1,6 @@ // Module included in the following assemblies: // // * openshift_images/image-configuration.adoc -// * post_installation_configuration/preparing-for-users.adoc // * updating/updating-restricted-network-cluster/restricted-network-update.adoc :_mod-docs-content-type: PROCEDURE @@ -12,7 +11,7 @@ Using an `ImageContentSourcePolicy` (ICSP) object to configure repository mirror ICSP objects are being replaced by `ImageDigestMirrorSet` and `ImageTagMirrorSet` objects to configure repository mirroring. If you have existing YAML files that you used to create `ImageContentSourcePolicy` objects, you can use the `oc adm migrate icsp` command to convert those files to an `ImageDigestMirrorSet` YAML file. The command updates the API to the current version, changes the `kind` value to `ImageDigestMirrorSet`, and changes `spec.repositoryDigestMirrors` to `spec.imageDigestMirrors`. The rest of the file is not changed. -Because the migration does not change the `registries.conf` file, the cluster does not need to reboot. +Because the migration does not change the `registries.conf` file, the cluster does not need to reboot. For more information about `ImageDigestMirrorSet` or `ImageTagMirrorSet` objects, see "Configuring image registry repository mirroring" in the previous section. @@ -72,5 +71,3 @@ where: -- . Remove the ICSP objects after the IDMS objects are rolled out. - - diff --git a/modules/images-configuration-registry-mirror.adoc b/modules/images-configuration-registry-mirror.adoc index ea99d67e9ae0..af1638a63e6c 100644 --- a/modules/images-configuration-registry-mirror.adoc +++ b/modules/images-configuration-registry-mirror.adoc @@ -1,7 +1,6 @@ // Module included in the following assemblies: // // * openshift_images/image-configuration.adoc -// * post_installation_configuration/preparing-for-users.adoc // * updating/updating-restricted-network-cluster/restricted-network-update.adoc :_mod-docs-content-type: CONCEPT @@ -53,6 +52,6 @@ requested from the source repository. For new clusters, you can use IDMS, ITMS, and ICSP CRs objects as desired. However, using IDMS and ITMS is recommended. -If you upgraded a cluster, any existing ICSP objects remain stable, and both IDMS and ICSP objects are supported. Workloads using ICSP objects continue to function as expected. However, if you want to take advantage of the fallback policies introduced in the IDMS CRs, you can migrate current workloads to IDMS objects by using the `oc adm migrate icsp` command as shown in the *Converting ImageContentSourcePolicy (ICSP) files for image registry repository mirroring* section that follows. Migrating to IDMS objects does not require a cluster reboot. +If you upgraded a cluster, any existing ICSP objects remain stable, and both IDMS and ICSP objects are supported. Workloads using ICSP objects continue to function as expected. However, if you want to take advantage of the fallback policies introduced in the IDMS CRs, you can migrate current workloads to IDMS objects by using the `oc adm migrate icsp` command as shown in the *Converting ImageContentSourcePolicy (ICSP) files for image registry repository mirroring* section that follows. Migrating to IDMS objects does not require a cluster reboot. include::snippets/idms-global-pull-secret.adoc[] diff --git a/modules/images-update-global-pull-secret.adoc b/modules/images-update-global-pull-secret.adoc index f13ff21b666f..1863d4f33b5f 100644 --- a/modules/images-update-global-pull-secret.adoc +++ b/modules/images-update-global-pull-secret.adoc @@ -1,6 +1,5 @@ // Module included in the following assemblies: // * openshift_images/managing_images/using-image-pull-secrets.adoc -// * post_installation_configuration/cluster-tasks.adoc // * updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc // * support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc // diff --git a/post_installation_configuration/cluster-tasks.adoc b/post_installation_configuration/cluster-tasks.adoc index 81f78f2da984..4a01008d8dd1 100644 --- a/post_installation_configuration/cluster-tasks.adoc +++ b/post_installation_configuration/cluster-tasks.adoc @@ -160,8 +160,6 @@ xref:../installing/installing_aws/installing-aws-network-customizations.adoc#ins |=== -include::modules/images-update-global-pull-secret.adoc[leveloffset=+1] - [id="adding-worker-nodes_{context}"] == Adding worker nodes @@ -203,335 +201,6 @@ For clusters managed by the multicluster engine for Kubernetes, you can add work * link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#scale-hosts-infrastructure-env[Scaling hosts to an infrastructure environment] -//// -[id="default-crds_{context}"] -== Custom resources - -A number of Custom Resource Definitions (CRDs) are available for you to use to -further tune your {product-title} deployment. You can deploy Custom Resources -that are based on many of these CRDs to add more functionality to your -{product-title} cluster. - -.Default CRDs -[cols="2a,2a,8a,2a,2a",options="header"] -|=== -|Name -|Group -|Description -|Namespaced -|Can deploy CR - - -|Alertmanager -|monitoring.coreos.com -| -|Namespaced -| - -|Authentication -|config.openshift.io -| -|Global -| - -|Build -|config.openshift.io -| -|Global -| - -|CatalogSourceConfig -|operators.coreos.com -| -|Namespaced -| - -|CatalogSource -|operators.coreos.com -| -|Namespaced -| - -|ClusterAutoscaler -|autoscaling.openshift.io -| -|Global -|Yes - -|ClusterDNS -|dns.openshift.io -| -|Global -| - -|IngressController -|operator.openshift.io -| -|Namespaced -| - -|ClusterNetwork -|network.openshift.io -| -|Global -| - -|ClusterOperator -|config.openshift.io -| -|Global -| - -|ClusterOperator -|operatorstatus.openshift.io -| -|Namespaced -| - -|Cluster -|machine.openshift.io -| -|Namespaced -| - -|ClusterServiceVersion -|operators.coreos.com -| -|Namespaced -| - -|ClusterVersion -|config.openshift.io -| -|Global -| - -|Config -|imageregistry.operator.openshift.io -| -|Global -| - -|Config -|samples.operator.openshift.io -| -|Global -| - -|Console -|console.config.openshift.io -|The top-level configuration for the web console. -|Namespaced -|The console CR is created by default with more or less empty values. It honors -new values. If it is deleted, it recreates automatically. - -|ControllerConfig -|machineconfiguration.openshift.io -| -|Global -| - -|CredentialsRequest -|cloudcredential.openshift.io -| -|Namespaced -| - -|DNS -|config.openshift.io -| -|Global -| - -|EgressNetworkPolicy -|network.openshift.io -| -|Namespaced -| - -|HostSubnet -|network.openshift.io -| -|Global -| - -|Image -|config.openshift.io -| -|Global -| - -|Infrastructure -|config.openshift.io -| -|Global -| - -|Ingress -|config.openshift.io -| -|Global -| - -|InstallPlan -|operators.coreos.com -| -|Namespaced -| - -|KubeControllerManager -|operator.openshift.io -| -|Global -| - -|KubeletConfig -|machineconfiguration.openshift.io -| -|Global -| - -|MachineAutoscaler -|autoscaling.openshift.io -| -|Namespaced -|Yes - -|MachineClass -|machine.openshift.io -| -|Namespaced -| - -|MachineConfigPool -|machineconfiguration.openshift.io -| -|Global -| - -|MachineConfig -|machineconfiguration.openshift.io -| -|Global -| - -|MachineDeployment -|machine.openshift.io -| -|Namespaced -| - -|MachineHealthCheck -|healthchecking.openshift.io -| -|Namespaced -| - -|Machine -|machine.openshift.io -| -|Namespaced -| - -|MachineSet -|machine.openshift.io -| -|Namespaced -| - -|MCOConfig -|machineconfiguration.openshift.io -| -|Global -| - -|NetNamespace -|network.openshift.io -| -|Global -| - -|NetworkAttachmentDefinition -|k8s.cni.cncf.io -| -|Namespaced -| - -|NetworkConfig -|networkoperator.openshift.io -| -|Global -| - -|Network -|config.openshift.io -| -|Global -| - -|OAuth -|config.openshift.io -| -|Global -| - -|OpenShiftAPIServer -|operator.openshift.io -| -|Global -| - -|OpenShiftControllerManagerOperatorConfig -|openshiftcontrollermanager.operator.openshift.io -| -|Global -| - -|OperatorGroup -|operators.coreos.com -| -|Namespaced -| - -|Project -|config.openshift.io -| -|Global -| - -|Prometheus -|monitoring.coreos.com -| -|Namespaced -| - -|PrometheusRule -|monitoring.coreos.com -| -|Namespaced -| - -|ServiceCertSignerOperatorConfig -|servicecertsigner.config.openshift.io -| -|Global -| - -|ServiceMonitor -|monitoring.coreos.com -| -|Namespaced -| - -|Subscription -|operators.coreos.com -| -|Namespaced -| - -|=== -//// - [id="post-install-adjust-worker-nodes"] == Adjust worker nodes If you incorrectly sized the worker nodes during deployment, adjust them by creating one or more new compute machine sets, scale them up, then scale the original compute machine set down before removing them. @@ -654,7 +323,6 @@ include::modules/nodes-clusters-cgroups-2.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources - * xref:../nodes/clusters/nodes-cluster-cgroups-2.adoc#nodes-cluster-cgroups-2[Configuring the Linux cgroup version on your nodes] endif::openshift-origin[] ifdef::openshift-origin[] @@ -701,7 +369,6 @@ include::modules/pod-disruption-eviction-policy.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources - * xref:../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates] * link:https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy[Unhealthy Pod Eviction Policy] in the Kubernetes documentation @@ -738,16 +405,3 @@ include::modules/manually-removing-cloud-creds.adoc[leveloffset=+2] * xref:../installing/installing_aws/manually-creating-iam.adoc#admin-credentials-root-secret-formats_manually-creating-iam-aws[Amazon Web Services (AWS) secret format] * xref:../installing/installing_azure/manually-creating-iam-azure.adoc#admin-credentials-root-secret-formats_manually-creating-iam-azure[Microsoft Azure secret format] * xref:../installing/installing_gcp/manually-creating-iam-gcp.adoc#admin-credentials-root-secret-formats_manually-creating-iam-gcp[Google Cloud Platform (GCP) secret format] - -[id="post-install-must-gather-disconnected"] -== Configuring image streams for a disconnected cluster - -After installing {product-title} in a disconnected environment, configure the image streams for the Cluster Samples Operator and the `must-gather` image stream. - -include::modules/installation-images-samples-disconnected-mirroring-assist.adoc[leveloffset=+2] - -include::modules/installation-restricted-network-samples.adoc[leveloffset=+2] - -include::modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc[leveloffset=+2] - -include::modules/images-cluster-sample-imagestream-import.adoc[leveloffset=+1] diff --git a/post_installation_configuration/post-install-image-config.adoc b/post_installation_configuration/post-install-image-config.adoc new file mode 100644 index 000000000000..6f8eef25060d --- /dev/null +++ b/post_installation_configuration/post-install-image-config.adoc @@ -0,0 +1,26 @@ +:_mod-docs-content-type: ASSEMBLY +include::_attributes/common-attributes.adoc[] +include::_attributes/attributes-openshift-dedicated.adoc[] +[id="post-install-image-config"] += Configuring image streams and image registries +:context: post-install-image-config + +toc::[] + +You can update the global pull secret for your cluster by either replacing the current pull secret or appending a new pull secret. The procedure is required when users use a separate registry to store images than the registry used during installation. For more information, see xref:../openshift_images/managing_images/using-image-pull-secrets.adoc#using-image-pull-secrets[Using image pull secrets]. + +For information about images and configuring image streams or image registries, see the following documentation: + +* xref:../openshift_images/index.adoc#overview-of-images[Overview of images] +* xref:../registry/configuring-registry-operator.adoc#configuring-registry-operator[Image Registry Operator in {product-title}] +* xref:../openshift_images/image-configuration.adoc#image-configuration[Configuring image registry settings] + +[id="post-install-image-config-disconnected"] +== Configuring image streams for a disconnected cluster + +After installing {product-title} in a disconnected environment, configure the image streams for the Cluster Samples Operator and the `must-gather` image stream. + +include::modules/installation-images-samples-disconnected-mirroring-assist.adoc[leveloffset=+2] +include::modules/installation-restricted-network-samples.adoc[leveloffset=+2] +include::modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc[leveloffset=+2] +include::modules/images-cluster-sample-imagestream-import.adoc[leveloffset=+1] diff --git a/post_installation_configuration/preparing-for-users.adoc b/post_installation_configuration/preparing-for-users.adoc index eef3771944c7..06b97e1517f9 100644 --- a/post_installation_configuration/preparing-for-users.adoc +++ b/post_installation_configuration/preparing-for-users.adoc @@ -118,24 +118,6 @@ include::modules/authentication-kubeadmin.adoc[leveloffset=+1] include::modules/authentication-remove-kubeadmin.adoc[leveloffset=+2] -[id="post-install-image-configuration-resources"] -== Image configuration -Understand and configure image registry settings. - -include::modules/images-configuration-parameters.adoc[leveloffset=+2] - -include::modules/images-configuration-file.adoc[leveloffset=+2] - -For more information on the allowed, blocked, and insecure registry parameters, see xref:../openshift_images/image-configuration.adoc#images-configuration-file_image-configuration[Configuring image registry settings]. - -include::modules/images-configuration-cas.adoc[leveloffset=+2] - -include::modules/images-configuration-registry-mirror.adoc[leveloffset=+1] - -include::modules/images-configuration-registry-mirror-configuring.adoc[leveloffset=+2] - -include::modules/images-configuration-registry-mirror-convert.adoc[leveloffset=+2] - [id="post-install-mirrored-catalogs"] == Populating OperatorHub from mirrored Operator catalogs @@ -146,11 +128,11 @@ If you mirrored Operator catalogs for use with disconnected clusters, you can po * xref:../installing/disconnected_install/installing-mirroring-installation-images.adoc#olm-mirror-catalog_installing-mirroring-installation-images[Mirroring Operator catalogs for use with disconnected clusters] -include::modules/olm-mirroring-catalog-icsp.adoc[leveloffset=+2] -include::modules/olm-creating-catalog-from-index.adoc[leveloffset=+2] +include::modules/olm-mirroring-catalog-icsp.adoc[leveloffset=+3] +include::modules/olm-creating-catalog-from-index.adoc[leveloffset=+3] + [role="_additional-resources"] .Additional resources - * xref:../operators/admin/olm-managing-custom-catalogs.adoc#olm-accessing-images-private-registries_olm-managing-custom-catalogs[Accessing images for Operators from private registries] * xref:../operators/understanding/olm/olm-understanding-olm.adoc#olm-catalogsource-image-template_olm-understanding-olm[Image template for custom catalog sources] * xref:../openshift_images/managing_images/image-pull-policy.adoc#image-pull-policy[Image pull policy] @@ -165,6 +147,5 @@ include::modules/olm-installing-from-operatorhub-using-cli.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources - * xref:../operators/understanding/olm/olm-understanding-operatorgroups.adoc#olm-operatorgroups-about_olm-understanding-operatorgroups[About OperatorGroups] endif::[]