Versions Compared

Old Version 1

changes.mady.by.user Amit Munwes

Saved on

compared with

New Version Current

changes.mady.by.user Amit Munwes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Consider the following example for loading the images.
In order to preserve the images digests in the container registry, we recommend copying the downloaded images into the container registry using a recent version (1.13.3+) of the skopeo utility (available as a package for most distributions: Installing Skopeo).
Note: The example uses basic authentication. If the authentication is by a token, replace --dest-creds with --dest-registry-token along with the authentication token in the commands below.

  1. Make sure OCP’s internal container registry can be accessed from outside the cluster via a Route. If not, consider adding the following Route:
    Note: Change the host value according to your environment.

    Code Block
    kind: Route
apiVersion: route.openshift.io/v1
metadata:
  name: default-route
  namespace: openshift-image-registry
spec:
  host: default-route-openshift-image-registry.apps.ocp4.mycluster.com
  to:
    kind: Service
    name: image-registry
    weight: 100
  tls:
    termination: reencrypt
  wildcardPolicy: None

  2. Set variables with the source, destination, versions, credentials, etc. according to your environment:

    Code Block
    CONTAINER_REGISTRY="default-route-openshift-image-registry.apps.ocp4.mycluster.com"
DPOD_CLOUD_AGENT_NAMESPACE="dpod-cloud-agent"
DPOD_CLOUD_AGENT_VERSION="1.0.20.02"
DPOD_CLOUD_AGENT_OPERATOR_VERSION="1.0.02"
IMAGES_DIR="/tmp"
USER_ID="user"

  3. Load the images to the container registry:

    Code Block
    skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-catalog-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/openshift-marketplace/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-catalog-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-bundle-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/openshift-marketplace/dpod-cloud-agent-operator-bundle:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-bundle-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-operator-bundle:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/openshift-operators/dpod-cloud-agent-operator:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-operator:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-api-proxy-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-api-proxy:${DPOD_CLOUD_AGENT_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-http-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-http-ingester:${DPOD_CLOUD_AGENT_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-manager-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-manager:${DPOD_CLOUD_AGENT_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-messaging-broker-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-messaging-broker:${DPOD_CLOUD_AGENT_VERSION}-amd64
skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-syslog-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \
    docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-syslog-ingester:${DPOD_CLOUD_AGENT_VERSION}-amd64

...

For such environments, you must manually add the mirroring authentication configuration for each one of the worker nodes in /etc/containers/registries.conf and reboot the worker nodes by issuing systemctl reboot on each one of them config.json.
Note: Change the registry.mirror entries auth value according to your environment (see notes of the examples above). You can inspect the content of /tmp/pull-secret created above which includes the relevant configuration snippet.

Code Block
[[registry]]{
  prefix = "auths": {
 location = "cp.icr.io/cp/dpod"   mirror-by-digest-only = true
...
 [[registry.mirror]]     location = "my-containerhttps://image-registry.example.com/dpod-cloud-agent"

[[registry]]openshift-image-registry.svc:5000": {
      prefix = ""   location ="auth": "icr...io/cpopen"
  mirror-by-digest-only = true
  [[registry.mirror]]      },
      location = "my-container-registry.example.com/dpod-cloud-agent" ...
    }
}