...
Consider the following example for loading the images.
In order to preserve the images digests in the container registry, we recommend copying the downloaded images into the container registry using a recent version (1.13.3+) of the skopeo
utility (available as a package for most distributions: Installing Skopeo).
Note: The example uses basic authentication. If the authentication is by a token, replace --dest-creds
with --dest-registry-token
along with the authentication token in the commands below.
Make sure OCP’s internal container registry can be accessed from outside the cluster via a
Route
. If not, consider adding the followingRoute
:
Note: Change thehost
value according to your environment.Code Block kind: Route apiVersion: route.openshift.io/v1 metadata: name: default-route namespace: openshift-image-registry spec: host: default-route-openshift-image-registry.apps.ocp4.mycluster.com to: kind: Service name: image-registry weight: 100 tls: termination: reencrypt wildcardPolicy: None
Set variables with the source, destination, versions, credentials, etc. according to your environment:
Code Block CONTAINER_REGISTRY="default-route-openshift-image-registry.apps.ocp4.mycluster.com" DPOD_CLOUD_AGENT_NAMESPACE="dpod-cloud-agent" DPOD_CLOUD_AGENT_VERSION="1.0.20.02" DPOD_CLOUD_AGENT_OPERATOR_VERSION="1.0.02" IMAGES_DIR="/tmp" USER_ID="user"
Load the images to the container registry:
Code Block skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-catalog-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/openshift-marketplace/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-catalog-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-operator-catalog:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-bundle-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/openshift-marketplace/dpod-cloud-agent-operator-bundle:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-bundle-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-operator-bundle:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/openshift-operators/dpod-cloud-agent-operator:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-operator-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-operator:${DPOD_CLOUD_AGENT_OPERATOR_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-api-proxy-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-api-proxy:${DPOD_CLOUD_AGENT_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-http-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-http-ingester:${DPOD_CLOUD_AGENT_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-manager-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-manager:${DPOD_CLOUD_AGENT_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-messaging-broker-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-messaging-broker:${DPOD_CLOUD_AGENT_VERSION}-amd64 skopeo copy --all --preserve-digests --dest-creds=${USER_ID}:$(oc whoami -t) docker-archive:${IMAGES_DIR}/dpod-ca-syslog-ingester-${DPOD_CLOUD_AGENT_VERSION}.tgz \ docker://${CONTAINER_REGISTRY}/${DPOD_CLOUD_AGENT_NAMESPACE}/dpod-cloud-agent-syslog-ingester:${DPOD_CLOUD_AGENT_VERSION}-amd64
...
For such environments, you must manually add the mirroring authentication configuration for each one of the worker nodes in /etc/containers/registries.conf
and reboot the worker nodes by issuing systemctl reboot
on each one of them config.json
.
Note: Change the registry.mirror
entries auth
value according to your environment (see notes of the examples above). You can inspect the content of /tmp/pull-secret
created above which includes the relevant configuration snippet.
Code Block |
---|
[[registry]]{ prefix = "auths": { location = "cp.icr.io/cp/dpod" mirror-by-digest-only = true ... [[registry.mirror]] location = "my-containerhttps://image-registry.example.com/dpod-cloud-agent" [[registry]]openshift-image-registry.svc:5000": { prefix = "" location ="auth": "icr...io/cpopen" mirror-by-digest-only = true [[registry.mirror]] }, location = "my-container-registry.example.com/dpod-cloud-agent" ... } } |