NO-ISSUE: Update the OCL quickstart guide to match 4.19+ #5097
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@pablintino: This pull request explicitly references no jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pablintino The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
pablintino
force-pushed
the
update-ocl-quickstart-guide
branch
from
d5b152e to
1779b1b
Compare
| @@ -101,7 +91,7 @@ oc get imagestream/os-images -n openshift-machine-config-operator -o=jsonpath=' | |||
| # (optional): Since this walk-through will use an ImageStream, we need to get the push and | |||
| # pull secret associated with the builder service account. For the sake of this | |||
| # demonstration, lets assume that this command returns the name | |||
| # "builder-dockercfg-123". | |||
| # "builder-dockercfg-". | |||
There was a problem hiding this comment.
Not important suggestion: Is the pull secret outputted in this step always of the form builder-dockercfg-g4fv6? If so maybe it's worth keeping the example return more similar to that.
There was a problem hiding this comment.
I believe so, yes, it's always a 5 char alphanumeric. Certainly my experience.
Also, setting this secret up is in the setup script but I'm wondering if it could be missed by the user.
Is it worth including oc get secrets -o name -n openshift-machine-config-operator -o=jsonpath='{.items[?(@.metadata.annotations.openshift\.io\/internal-registry-auth-token\.service-account=="builder")].metadata.name}' in the comments here for convenience? Or maybe a note in the script section "Keep this secret around, we'll need it later" or something similar?
| @@ -326,58 +301,74 @@ Now that the build has succeeded, we can take a closer look at the `MachineOSBui | |||
| ```console | |||
| $ oc get machineosbuild/layered-rendered-layered-de9c5e764b623c4065a1645261e9d553-builder -o yaml | |||
There was a problem hiding this comment.
| $ oc get machineosbuild/layered-rendered-layered-de9c5e764b623c4065a1645261e9d553-builder -o yaml | |
| $ oc get machineosbuild/layered-917498322fd0fa5e58671398b8cf7780 -o yaml |
| type: Failed | ||
| finalImagePullspec: image-registry.openshift-image-registry.svc:5000/openshift-machine-config-operator/os-images@sha256:c47856f56e1fdb7c9d10a1658e4ea85fbea44d71fb0e82898d152b47e0f894c6 | ||
| digestedImagePushSpec: image-registry.openshift-image-registry.svc:5000/openshift-machine-config-operator/os-image@sha256:adf199658b8535c179fdb6e8ad40889b1b37d882a1bdb930d190d95b44bae548 | ||
|
|
||
| ``` | ||
|
|
||
| We can see what MachineConfig the image was built with, the digested image pullspec, and its overall status. It is worth noting that although the `:latest` tag is shown above, all images will be tagged with the name of the MachineConfig they were built with (this is subject to change). Additionally, when they are pulled to each node, they are only pulled using a digested image pullspec. |
There was a problem hiding this comment.
The example is not showing a tag of latest anymore.
renderedImagePushSpec: image-registry.openshift-image-registry.svc:5000/openshift-machine-config-operator/os-image:layered-917498322fd0fa5e58671398b8cf7780
There was a problem hiding this comment.
I think this is referring to https://github.com/openshift/machine-config-operator/pull/5097/files#diff-55410e53df871626fc56d755274fe927b081c66e24948f8bca9a7e98b0afd591R261, it might be worth moving this note above closer to the MachineOSConfig definition
| @@ -386,19 +377,20 @@ We can see what MachineConfig the image was built with, the digested image pulls | |||
|
|
|||
| At this point, we now have a fully-built image, but we have not yet applied it | |||
| to any of our nodes. For the sake of this walk-through, we'll use the node named | |||
| `ip-10-0-18-226.ec2.internal`: | |||
| `pabrodri-test-tr2jp-worker-a-4kn5h`: | |||
There was a problem hiding this comment.
Later on in this doc it says, "Now, lets add the worker node to our layered MachineConfigPool..." Is it worth mentioning up here that someone needs to select a worker node to test? Or is it assumed that someone going through this flow is aware that only worker nodes are supported for custom MCPs?
|
Can you update the link on the last line, please? The link is missing the starting |
pablintino
force-pushed
the
update-ocl-quickstart-guide
branch
from
1779b1b to
6b11fcf
Compare
|
@pablintino: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| imageBuilderType: Job | ||
| # The Machine OS Builder needs to know what pull secret it can use to pull | ||
| # the base OS image. | ||
| baseImagePullSecret: |
There was a problem hiding this comment.
this is optional now, if the user doesn't provide this we automatically copy the global-pull-secret for use. I think this is worth mentioning here and updating the rest of the doc with this information
| @@ -101,7 +91,7 @@ oc get imagestream/os-images -n openshift-machine-config-operator -o=jsonpath=' | |||
| # (optional): Since this walk-through will use an ImageStream, we need to get the push and | |||
There was a problem hiding this comment.
the global-pull-secret copy creation shown above is optional now, can you please update to reflect that.
| # The Machine OS Builder needs to know what pull secret it can use to pull | ||
| # the base OS image. | ||
| baseImagePullSecret: | ||
| name: global-pull-secret-copy |
There was a problem hiding this comment.
I think we should highlight here as well that this is optional
- What I did
Update the OCL quickstart guide to match the state of OCL in 4.19+
- How to verify it
Follow the guide step by step and ensure you finish it without doing anything else not in the guide.
- Description for the changelog
OCL quickstart guide updated to match 4.19+