Merge pull request #19697 from openshift-cherrypick-robot/cherry-pick…

…-17978-to-enterprise-4.4 [enterprise-4.4] Update examples for Using sample imagestreams in a restricted network installation
openshift · Feb 12, 2020 · 25f4dc7 · 25f4dc7
2 parents 45128e8 + 48d18b3
commit 25f4dc7
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 11 deletions.
diff --git a/_topic_map.yml b/_topic_map.yml
@@ -643,6 +643,9 @@ Topics:
 - Name: Configuring the Samples Operator
   File: configuring-samples-operator
   Distros: openshift-enterprise,openshift-origin
+- Name: Using the Samples Operator with an alternate registry
+  File: samples-operator-alt-registry
+  Distros: openshift-enterprise,openshift-origin
 - Name: Understanding containers, images, and imagestreams
   File: images-understand
 - Name: Creating images

diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc
@@ -20,6 +20,7 @@
 // * installing/install_config/installing-restricted-networks-preparations.adoc
 // * installing/installing_vsphere/installing-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
+// * openshift_images/samples-operator-alt-registry.adoc
 //
 // AMQ docs link to this; do not change anchor
 

diff --git a/modules/installation-adding-registry-pull-secret.adoc b/modules/installation-adding-registry-pull-secret.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * TBD
+// * openshift_images/samples-operator-alt-registry.adoc
 
 [id="installation-adding-registry-pull-secret_{context}"]
 = Adding the registry to your pull secret

diff --git a/modules/installation-creating-mirror-registry.adoc b/modules/installation-creating-mirror-registry.adoc
@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/install_config/installing-restricted-networks-preparations.adoc
+// * openshift_images/samples-operator-alt-registry.adoc
 
 ifeval::["{context}" == "installing-restricted-networks-preparations"]
 :restricted:

diff --git a/modules/installation-local-registry-pull-secret.adoc b/modules/installation-local-registry-pull-secret.adoc
@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/install_config/installing-restricted-networks-preparations.adoc
+// * openshift_images/samples-operator-alt-registry.adoc
 
 [id="installation-local-registry-pull-secret_{context}"]
 = Creating a pull secret for your mirror registry

diff --git a/modules/installation-mirror-repository.adoc b/modules/installation-mirror-repository.adoc
@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/install_config/installing-restricted-networks-preparations.adoc
+// * openshift_images/samples-operator-alt-registry.adoc
 
 [id="installation-mirror-repository_{context}"]
 = Mirroring the {product-title} image repository

diff --git a/modules/installation-restricted-network-samples.adoc b/modules/installation-restricted-network-samples.adoc
@@ -1,17 +1,33 @@
 // Module included in the following assemblies:
 //
 // * installing/install_config/installing-restricted-networks-preparations.adoc
+// * openshift_images/samples-operator-alt-registry.adoc
+
+ifeval::["{context}" == "installing-restricted-networks-preparations"]
+:restrictednetwork:
+endif::[]
+
+ifeval::["{context}" == "samples-operator-alt-registry"]
+:samplesoperatoraltreg:
+endif::[]
 
 [id="installation-restricted-network-samples_{context}"]
-= Using sample imagestreams in a restricted network installation
+= Using Samples Operator imagestreams with alternate or mirrored registries
 
 Most imagestreams in the OpenShift namespace managed by the Samples Operator
-point to images located in the Red Hat registry at link:registry.redhat.io[registry.redhat.io]. Mirroring
+point to images located in the Red Hat registry at link:registry.redhat.io[registry.redhat.io].
+ifdef::restrictednetwork[]
+Mirroring
 will not apply to these imagestreams.
-
+endif::[]
 The `jenkins`, `jenkins-agent-maven`, and `jenkins-agent-nodejs` imagestreams
-come from the install payload and are managed by the Samples Operator, so no
-further mirroring procedures are needed for those imagestreams.
+come from the install payload and are managed by the Samples 
+ifdef::restrictednetwork[]
+Operator, so no further mirroring procedures are needed for those imagestreams.
+endif::[]
+ifdef::samplesoperatoraltreg[]
+Operator.
+endif::[]
 
 [NOTE]
 ====
@@ -26,23 +42,32 @@ not addressed in this procedure.
 
 .Procedure
 
+. Access the images of a specific imagestream to mirror, for example:
++
+----
+$ oc get is <imagestream> -n openshift -o json | jq .spec.tags[].from.name | grep registry.redhat.io
+----
++
 . Mirror images from link:registry.redhat.io[registry.redhat.io] associated with any imagestreams you need
-in the restricted network environment into one of the defined mirrors:
+ifdef::restrictednetwork[]
+in the restricted network environment into one of the defined mirrors, for example:
+endif::[]
+ifdef::configsamplesoperator[]
+into your defined preferred registry, for example:
+endif::[]
 +
 ----
-$ oc image mirror myregistry.com/myimage:latest myregistry.com/myimage:stable
+$ oc image mirror registry.redhat.io/rhscl/ruby-25-rhel7:latest ${MIRROR_ADDR}/rhscl/ruby-25-rhel7:latest
 ----
 +
 . Add the required trusted CAs for the mirror in the cluster’s image
 configuration object:
 +
 ----
-$ oc create configmap registry-config --from-file=$path/ca.crt -n openshift-config
+$ oc create configmap registry-config --from-file={MIRROR_ADDR}=$path/ca.crt -n openshift-config
 $ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge
 ----
 +
-//(meaning https://github.com/openshift/api/blob/master/config/v1/types_image.go#L46 … add ref to associated doc)
-+
 . Update the `samplesRegistry` field in the Samples Operator configuration object
 to contain the `hostname` portion of the mirror location defined in the mirror
 configuration:
@@ -72,3 +97,11 @@ Many of the templates in the OpenShift namespace
 reference the imagestreams. So using `Removed` to purge both the imagestreams
 and templates will eliminate the possibility of attempts to use them if they
 are not functional because of any missing imagestreams.
+
+ifeval::["{context}" == "installing-restricted-networks-preparations"]
+:!restrictednetwork:
+endif::[]
+
+ifeval::["{context}" == "samples-operator-alt-registry"]
+:!samplesoperatoraltreg:
+endif::[]
diff --git a/openshift_images/samples-operator-alt-registry.adoc b/openshift_images/samples-operator-alt-registry.adoc
@@ -0,0 +1,31 @@
+[id="samples-operator-alt-registry"]
+= Using the Samples Operator with an alternate registry
+include::modules/common-attributes.adoc[]
+:context: samples-operator-alt-registry
+toc::[]
+
+You can use the Samples Operator with an alternate registry by first creating a mirror registry.
+
+[IMPORTANT]
+====
+You must have access to the internet to obtain the necessary container images. In this procedure, you place the mirror registry on a mirror host that has access to both your network and the internet.
+====
+
+include::modules/installation-about-mirror-registry.adoc[leveloffset=+1]
+
+[id="samples-preparing-bastion"]
+=== Preparing the mirror host
+
+Before you create the mirror registry, you must prepare the mirror host.
+
+include::modules/cli-installing-cli.adoc[leveloffset=+2]
+
+include::modules/installation-creating-mirror-registry.adoc[leveloffset=+1]
+
+//include::modules/installation-local-registry-pull-secret.adoc[leveloffset=+1]
+
+include::modules/installation-adding-registry-pull-secret.adoc[leveloffset=+1]
+
+include::modules/installation-mirror-repository.adoc[leveloffset=+1]
+
+include::modules/installation-restricted-network-samples.adoc[leveloffset=+1]