[ACM-2.10] ACM#10464: Extracting OpenShift release image digest

stolostron · May 6, 2024 · c2be753 · c2be753
1 parent 775eea9
commit c2be753
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 20 deletions.
diff --git a/clusters/hosted_control_planes/create_cluster_bm.adoc b/clusters/hosted_control_planes/create_cluster_bm.adoc
@@ -1,51 +1,51 @@
 [#creating-a-hosted-cluster-bm]
 = Creating a hosted cluster on bare metal
 
-You can create a hosted cluster or import one. For instructions to import a hosted cluster, see _Importing a hosted cluster_.
+You can create a hosted cluster on bare metal or import one. For instructions to import a hosted cluster, see _Importing a hosted cluster_.
 
 . Create the hosted control plane namespace by entering the following command:
 
 +
 ----
-oc create ns <hosted-cluster-namespace>-<hosted-cluster-name>
+oc create ns <hosted_cluster_namespace>-<hosted_cluster_name>
 ----
 
 +
-Replace `<hosted-cluster-namespace>` with your hosted cluster namespace name, for example, `clusters`. Replace `<hosted-cluster-name>` with your hosted cluster name.
+Replace `<hosted_cluster_namespace>` with your hosted cluster namespace name, for example, `clusters`. Replace `<hosted_cluster_name>` with your hosted cluster name.
 
 . Verify that you have a default storage class configured for your cluster. Otherwise, you might see pending PVCs. See the following example:
 
 +
 ----
 hcp create cluster agent \
-    --name=<hosted-cluster-name> \ <1>
-    --pull-secret=<path-to-pull-secret> \ <2>
-    --agent-namespace=<hosted-control-plane-namespace> \ <3>
+    --name=<hosted_cluster_name> \ <1>
+    --pull-secret=<path_to_pull_secret> \ <2>
+    --agent-namespace=<hosted_control_plane_namespace> \ <3>
     --base-domain=<basedomain> \ <4>
-    --api-server-address=api.<hosted-cluster-name>.<basedomain> \
-    --etcd-storage-class=<etcd-storage-class> \ <5>
-    --ssh-key  <path-to-ssh-key> \ <6>
-    --namespace <hosted-cluster-namespace> \ <7>
+    --api-server-address=api.<hosted_cluster_name>.<basedomain> \
+    --etcd-storage-class=<etcd_storage_class> \ <5>
+    --ssh-key  <path_to_ssh_public_key> \ <6>
+    --namespace <hosted_cluster_namespace> \ <7>
     --control-plane-availability-policy SingleReplica \
-    --release-image=quay.io/openshift-release-dev/ocp-release:<ocp-release> <8>
+    --release-image=quay.io/openshift-release-dev/ocp-release:<ocp_release_image> <8>
 ----
 
 +
 <1> Specify the name of your hosted cluster, for instance, `example`.
 <2> Specify the path to your pull secret, for example, `/user/name/pullsecret`.
-<3> Specify your hosted control plane namespace, for example, `clusters-example`. Ensure that agents are available in this namespace by using the `oc get agent -n <hosted-control-plane-namespace>` command.
+<3> Specify your hosted control plane namespace, for example, `clusters-example`. Ensure that agents are available in this namespace by using the `oc get agent -n <hosted_control_plane_namespace>` command.
 <4> Specify your base domain, for example, `krnl.es`.
 <5> Specify the etcd storage class name, for example, `lvm-storageclass`.
 <6> Specify the path to your SSH public key. The default file path is `~/.ssh/id_rsa.pub`.
 <7> Specify your hosted cluster namespace.
-<8> Specify the supported {ocp-short} version that you want to use, for example, `4.14.0-x86_64`.
+<8> Specify the supported {ocp-short} version that you want to use, for example, `4.14.0-x86_64`. If you are using a disconnected environment, replace `<ocp_release_image>` with the digest image. To extract the {ocp-short} release image digest, see _Extracting the {ocp-short} release image digest_.
 
 +
 . After a few moments, verify that your hosted control plane pods are up and running by entering the following command:
 
 +
 ----
-oc -n <hosted-control-plane-namespace> get pods
+oc -n <hosted_control_plane_namespacecontrol> get pods
 ----
 
 +
@@ -58,8 +58,6 @@ capi-provider-7dcf5fc4c4-nr9sq                   1/1     Running   0          4m
 catalog-operator-6cd867cc7-phb2q                 2/2     Running   0          2m50s
 certified-operators-catalog-884c756c4-zdt64      1/1     Running   0          2m51s
 cluster-api-f75d86f8c-56wfz                      1/1     Running   0          4m32s
-cluster-autoscaler-7977864686-2rz4c              1/1     Running   0          4m13s
-cluster-network-operator-754cf4ffd6-lwfm2        1/1     Running   0          2m51s
 ----
 
 [#hosted-create-bare-metal-console]
@@ -112,3 +110,5 @@ The **Hosted cluster** view is displayed.
 * To access a hosted cluster, see xref:../hosted_control_planes/access_hosted_cluster.adoc#access-hosted-cluster[Accessing the hosted cluster].
 
 * To add hosts to the host inventory by using the Discovery Image, see link:../cluster_lifecycle/cim_add_host.adoc[Adding hosts to the host inventory by using the Discovery Image].
+
+* To extract the {ocp-short} release image digest, see xref:../hosted_control_planes/disconnected_intro.adoc#configure-hosted-disconnected-digest-image[Extracting the {ocp-short} release image digest].
diff --git a/clusters/hosted_control_planes/disconnected_intro.adoc b/clusters/hosted_control_planes/disconnected_intro.adoc
@@ -15,9 +15,9 @@ The following diagram illustrates an example architecture of a disconnected envi
 image:../images/489_RHACM_HyperShift_on_bare_metal_1223.png[Disconnected architecture diagram]
 
 . You configure infrastructure services, including the registry certificate deployment with TLS support, web server, and DNS, to ensure that the disconnected deployment works.
-. You create a config map in the `openshift-config` namespace. In this example, the config map is named `registry-config`. The content of the config map is the Registry CA certificate. The data field of the config map must contain the following key/value: 
+. You create a config map in the `openshift-config` namespace. In this example, the config map is named `registry-config`. The content of the config map is the Registry CA certificate. The data field of the config map must contain the following key/value:
 
-* Key: `<registry_dns_domain_name>..<port>`
+* Key: `<registry_dns_domain_name>..<port>`, for example, `registry.hypershiftdomain.lab..5000:`. Ensure that you place `..` after the registry DNS domain name when you specify a port.
 * Value: The certificate content
 
 +
@@ -77,13 +77,13 @@ data:
 . At this point, you wait for the deployment process to be completed.
 
 [#configure-hosted-disconnected-networks-prereqs]
-== Prerequisites 
+== Prerequisites
 
 To configure hosted control planes in a disconnected environment, you must meet the following prerequisites:
 
 - CPU: The number of CPUs provided determines how many hosted clusters can run concurrently. In general, use 16 CPUs for each node for 3 nodes. For minimal development, you can use 12 CPUs for each node for 3 nodes.
 - Memory: The amount of RAM affects how many hosted clusters can be hosted. Use 48 GB of RAM for each node. For minimal development, 18 GB of RAM might be sufficient.
-- Storage: Use SSD storage for {mce-short}. 
+- Storage: Use SSD storage for {mce-short}.
 * Management cluster: 250 GB.
 * Registry: The storage needed depends on the number of releases, operators, and images that are hosted. An acceptable number might be 500 GB, preferably separated from the disk that hosts the hosted cluster.
 * Web server: The storage needed depends on the number of ISOs and images that are hosted. An acceptable number might be 500 GB.
@@ -92,7 +92,34 @@ To configure hosted control planes in a disconnected environment, you must meet
 * Management cluster: 500 GB
 * Web server: 2 TB
 
+[#configure-hosted-disconnected-digest-image]
+== Extracting the {ocp-short} release image digest
+
+You can extract the {ocp-short} release image digest by using the tagged image. Complete the following steps:
+
+. Obtain the image digest by running the following command:
+
++
+[source,bash]
+----
+oc adm release info <tagged_openshift_release_image> | grep "Pull From"
+----
++
+Replace `<tagged_openshift_release_image>` with the tagged image for the supported {ocp-short} version, for example, `quay.io/openshift-release-dev/ocp-release:4.14.0-x8_64`.
+
++
+See the following example output:
+
++
+----
+Pull From: quay.io/openshift-release-dev/ocp-release@sha256:69d1292f64a2b67227c5592c1a7d499c7d00376e498634ff8e1946bc9ccdddfe
+----
++
+To know more about the image tag and digest, see _Referencing images in imagestreams_ in the {ocp-short} documentation.
+
 [#disconnected-intro-additional-resources]
 === Additional resources
 
 * xref:../hosted_control_planes/ipv4_tls_certs.adoc#ipv4-tls-certs[Configuring TLS certificates for an IPv4 network]
+
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/images/managing-images#images-referencing-images-imagestreams_tagging-images[Referencing images in imagestreams]