[OSDOCS-12036]ROSA-HCP - Image registry mirror config to customers #99809
Conversation
mletalie
force-pushed
the
OSDOCS-12036
branch
from
76b93d6 to
9b6459f
Compare
openshift-ci
bot
added
the
size/XS
|
🤖 Wed Oct 08 15:24:01 - Prow CI generated the docs preview: |
mletalie
changed the title
openshift-ci
bot
added
size/L
mletalie
force-pushed
the
OSDOCS-12036
branch
4 times, most recently
from
c69063b to
ef2f1a8
Compare
modules/rosa-delete-objects.adoc
Outdated
| $ rosa delete machinepool --cluster=mycluster mp-1 | ||
| ---- | ||
| ifdef::openshift-rosa-hcp[] | ||
| [id="rosa-delete-mirro-set_{context}"] |
There was a problem hiding this comment.
i think this might be a typo:
rosa-delete-mirro-set -> rosa-delete-mirror-set
|
on the module docs, can we emphasize at the top that image mirrors only pertain to image reference by digest only at this time (ImageDigestMirrorSets)? and image reference by tag is not available yet with this feature. I think this is what Aaren (PM) wanted to show to customers. |
openshift-ci
bot
added
size/XL
| @@ -0,0 +1,166 @@ | |||
| // Module included in the following assemblies: | |||
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.ModuleContainsContentType: Module is missing the '_mod-docs-content-type' variable.
openshift-ci
bot
added
size/L
mletalie
force-pushed
the
OSDOCS-12036
branch
2 times, most recently
from
fa48c32 to
491153a
Compare
openshift-ci
bot
added
size/XL
| @@ -0,0 +1,100 @@ | |||
| // Module included in the following assemblies: | |||
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.ModuleContainsContentType: Module is missing the '_mod-docs-content-type' variable.
| [id="create-image-mirroring_{context}"] | ||
| == Create image mirroring | ||
|
|
||
| .Procedure |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.AdmonitionTitle: Admonition titles are not supported in DITA.
There was a problem hiding this comment.
I'm not sure exactly what issue the bot is flagging here. Will investigate further.
| // Module included in the following assemblies: | ||
| // | ||
| // * openshift_images/image-configuration-hcp.adoc | ||
|
|
There was a problem hiding this comment.
| :_mod-docs-content-type: CONCEPT |
|
|
||
| IDMS defines a set of cluster-wide policies for registry mirroring. It intercepts image pull requests that identify an image by its unique content-addressable digest. Based on these policies, the IDMS transparently redirects the pull operation from its specified source registry to one or more designated mirror registries. | ||
|
|
||
| The benefits of configuring your {product-title} to pull images from a mirrored registry using IDMS include: |
There was a problem hiding this comment.
| The benefits of configuring your {product-title} to pull images from a mirrored registry using IDMS include: | |
| The benefits of configuring your {product-title} cluster (?) to pull images from a mirrored registry using IDMS include: |
|
|
||
| [IMPORTANT] | ||
| ==== | ||
| The image mirror configuration feature operates exclusively with image references by digest, meaning that image mirroring will only activate when an image is pulled using its unique and immutable ID. Any image references using a mutable tag are currently not supported by this functionality. |
There was a problem hiding this comment.
Wondering if you should move this note back up to about line 10 when digest is first mentioned- might be more useful for the reader.
There was a problem hiding this comment.
Good call...forgot to move after adding those bullet points. thanks!
There was a problem hiding this comment.
Note is still here - just in case you forgot to move it, or maybe you've changed your mind and want to keep it here?
|
|
||
|
|
||
| .Prerequisites | ||
|
|
There was a problem hiding this comment.
There are some extra pluses here and above.
| .Prerequisites | ||
|
|
||
|
|
||
| ** You have installed and configured the latest ROSA CLI on your installation host. |
There was a problem hiding this comment.
| ** You have installed and configured the latest ROSA CLI on your installation host. | |
| ** You have installed and configured the latest {rosa-cli-first} on your installation host. |
|
|
||
| .Procedure | ||
|
|
||
| . Add the following `rhcs_image_mirror` resource block to your Terraform configuration file (e.g., `main.tf`), replacing the variable values with your specific requirements. |
There was a problem hiding this comment.
| . Add the following `rhcs_image_mirror` resource block to your Terraform configuration file (e.g., `main.tf`), replacing the variable values with your specific requirements. | |
| . Add the following `rhcs_image_mirror` resource block to your Terraform configuration file (for example, `main.tf`), replacing the variable values with your specific requirements. |
| $ terraform plan | ||
| ---- | ||
| + | ||
|
|
|
|
||
| . Once you have confirmed that only one resource (`rhcs_image_mirror`) will be added to your {product-title} cluster, and nothing will be changed or destroyed, run the following command to apply the changes: | ||
|
|
||
| + |
There was a problem hiding this comment.
Few extra pluses here and below.
|
|
||
| . Click **Enter** to approve the changes. | ||
|
|
||
| The `ImageContentSourcePolicy` is now configured on your cluster, and the image mirror will be active. No newline at end of file |
There was a problem hiding this comment.
When will it be active- do we know?
| === Q4 2025 | ||
| ifdef::openshift-rosa-hcp[] | ||
| * ** ImageDigestMirrorSets (IDMS) now supported.** | ||
| {product-title} now supports ImageDigestMirrorSets (IDMS), enabling clusters to redirect image pulls to a private, mirrored registry. This enhancement is critical for customers in air-gapped or restricted networks, allowing them to host their own mirrors for third-party images while satisfying strict security and compliance requirements. For more information, see xref:../openshift_images/image-configuration-hcp.adoc#images-registry-mirroring_image-configuration-hcp[Image registry mirroring for {product-title}]. |
There was a problem hiding this comment.
Took a stab at rewriting this to be less passive.
| {product-title} now supports ImageDigestMirrorSets (IDMS), enabling clusters to redirect image pulls to a private, mirrored registry. This enhancement is critical for customers in air-gapped or restricted networks, allowing them to host their own mirrors for third-party images while satisfying strict security and compliance requirements. For more information, see xref:../openshift_images/image-configuration-hcp.adoc#images-registry-mirroring_image-configuration-hcp[Image registry mirroring for {product-title}]. | |
| {product-title} now supports ImageDigestMirrorSets (IDMS), enabling clusters to redirect image pulls to a private, mirrored registry. This critical enhancement means customers in air-gapped or restricted networks can host their own mirrors for third-party images while satisfying strict security and compliance requirements. For more information, see xref:../openshift_images/image-configuration-hcp.adoc#images-registry-mirroring_image-configuration-hcp[Image registry mirroring for {product-title}]. |
mletalie
force-pushed
the
OSDOCS-12036
branch
5 times, most recently
from
63f8b72 to
f3dfd8f
Compare
|
|
||
| [IMPORTANT] | ||
| ==== | ||
| The image mirror configuration feature operates exclusively with image references by digest, meaning that image mirroring will only activate when an image is pulled using its unique and immutable ID. Any image references using a mutable tag are currently not supported by this functionality. |
There was a problem hiding this comment.
Note is still here - just in case you forgot to move it, or maybe you've changed your mind and want to keep it here?
| |=== | ||
|
|
||
| .Examples | ||
| Creating an image mirror configuration for a cluster named `mycluster`. |
There was a problem hiding this comment.
| Creating an image mirror configuration for a cluster named `mycluster`. | |
| Creates an image mirror configuration for a cluster named `mycluster`. |
| An ID is automatically generated and assigned to an image mirror during image mirror configuration creation. | ||
| ==== | ||
|
|
||
| Creating an image mirror configuration with a specific type. |
There was a problem hiding this comment.
| Creating an image mirror configuration with a specific type. | |
| Creates an image mirror configuration with a specific type. |
| ==== | ||
| When editing an image mirror configuration, the new mirrors list completely replaces the existing mirrors list. | ||
| ==== | ||
|
|
| --mirrors=new-primary.company.com/team,new-secondary.company.com/team | ||
| ---- | ||
|
|
||
|
|
modules/rosa-create-objects.adoc
Outdated
| ==== | ||
| The image mirror configuration feature operates exclusively with image references by digest, meaning that image mirroring will only activate when an image is pulled using its unique and immutable ID. Any image references using a mutable tag is currently not supported by this functionality. | ||
|
|
||
| {product-title} clusters must be in the **Ready** state in order to create image. |
There was a problem hiding this comment.
| {product-title} clusters must be in the **Ready** state in order to create image. | |
| {product-title} clusters must be in the **Ready** state in order to create an image. |
| @@ -353,4 +352,57 @@ Associate a `KubeletConfig` object with an existing `high-pid-pool` machine pool | |||
| ---- | |||
| $ rosa edit machinepool -c mycluster --kubelet-configs=set-high-pids high-pid-pool | |||
| ---- | |||
|
|
|||
| // Module included in the following assemblies: | ||
| // | ||
| // * rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc | ||
| // * rosa_install_access_delete_clusters/terraform/rosa-classic-creating-a-cluster-quickly-terraform.adoc |
There was a problem hiding this comment.
Should this be removed as its for HCP only?
AedinC
left a comment
AedinC
left a comment
There was a problem hiding this comment.
Just a few more tiny things.
|
@mletalie: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/cherrypick enterprise-4.19 |
|
@mletalie: new pull request created: #100406 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mletalie: new pull request created: #100407 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
6 participants
Version(s):
4.19+
Issue:
https://issues.redhat.com/browse/OSDOCS-12036
Link to docs preview:
images-registry-mirroring_image-configuration-hcp
Create Image Mirror Config
Edit Image Mirror Config
Delete Image Mirror Config
List Image Mirror Config
Configuring in Terraform
Release Note
QE review:
Additional information: