Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 10. Operators

10.1. Using Operators with MicroShift
Link kopieren

You can use Operators with MicroShift to create applications that monitor the running services in your cluster. Operators can manage applications and their resources, such as deploying a database or message bus. As customized software running inside your cluster, Operators can be used to implement and automate common operations.

Operators offer a more localized configuration experience and integrate with Kubernetes APIs and CLI tools such as kubectl and oc. Operators are designed specifically for your applications. Operators enable you to configure components instead of modifying a global configuration file.

MicroShift applications are generally expected to be deployed in static environments. However, Operators are available if helpful in your use case. To determine the compatibility of an Operator with MicroShift, check the Operator documentation.

10.1.1. How to use Operators with MicroShift clusters
Link kopieren

There are two ways to use Operators for your MicroShift clusters:

10.1.1.1. Manifests for Operators
Link kopieren

Operators can be installed and managed directly by using manifests. You can use the kustomize configuration management tool with MicroShift to deploy an application. Use the same steps to install Operators with manifests.

10.1.1.2. Operator Lifecycle Manager for Operators
Link kopieren

You can also install add-on Operators to a MicroShift cluster using Operator Lifecycle Manager (OLM). OLM can be used to manage both custom Operators and Operators that are widely available. Building catalogs is required to use OLM with MicroShift.

10.2. Using Operator Lifecycle Manager with MicroShift
Link kopieren

Operator Lifecycle Manager (OLM) is used in MicroShift for installing and running optional add-on Operators. See the following link for more information:

10.2.1. Considerations for using OLM with MicroShift
Link kopieren

  • Cluster Operators as applied in OpenShift Container Platform are not used in MicroShift.

  • You must create your own catalogs for the add-on Operators you want to use with your applications. Catalogs are not provided by default.

    • Each catalog must have an accessible CatalogSource added to a cluster, so that the OLM catalog Operator can use the catalog for content.

  • You must use the CLI to conduct OLM activities with MicroShift. The console and OperatorHub GUIs are not available.

Important

Before using an Operator, verify with the provider that the Operator is supported on Red Hat build of MicroShift.

10.2.2. Determining your OLM installation type
Link kopieren

You can install the OLM package manager for use with MicroShift 4.15 or newer versions. There are different ways to install OLM for MicroShift clusters, depending on your use case.

10.2.3. Namespace use in MicroShift
Link kopieren

The microshift-olm RPM creates the three default namespaces: one for running OLM, and two for catalog and Operator installation. You can create additional namespaces as needed for your use case.

10.2.3.1. Default namespaces
Link kopieren

The following table lists the default namespaces and a brief description of how each namespace works.

Expand
Table 10.1. Default namespaces created by OLM for MicroShift

Default Namespace

Details

openshift-operator-lifecycle-manager

The OLM package manager runs in this namespace.

openshift-marketplace

The global namespace. Empty by default. To make the catalog source to be available globally to users in all namespaces, set the openshift-marketplace namespace in the catalog-source YAML.

openshift-operators

The default namespace where Operators run in MicroShift. Operators that reference catalogs in the openshift-operators namespace must have the AllNamespaces watch scope.

10.2.3.2. Custom namespaces
Link kopieren

If you want to use a catalog and Operator together in a single namespace, then you must create a custom namespace. After you create the namespace, you must create the catalog in that namespace. All Operators running in the custom namespace must have the same single-namespace watch scope.

10.2.4. About building Operator catalogs
Link kopieren

To use Operator Lifecycle Manager (OLM) with MicroShift, you must build custom Operator catalogs that you can then manage with OLM. The standard catalogs that are included with OpenShift Container Platform are not included with MicroShift.

10.2.4.1. File-based Operator catalogs
Link kopieren

You can create catalogs for your custom Operators or filter catalogs of widely available Operators. You can combine both methods to create the catalogs needed for your specific use case. To run MicroShift with your own Operators and OLM, make a catalog by using the file-based catalog structure.

Important
  • When adding a catalog source to a cluster, set the securityContextConfig value to restricted in the catalogSource.yaml file. Ensure that your catalog can run with restricted permissions.

10.2.5. How to deploy Operators using OLM
Link kopieren

After you create and deploy your custom catalog, you must create a Subscription custom resource (CR) that can access the catalog and install the Operators you choose. Where Operators run depends on the namespace in which you create the Subscription CR.

Important

Operators in OLM have a watch scope. For example, some Operators only support watching their own namespace, while others support watching every namespace in the cluster. All Operators installed in a given namespace must have the same watch scope.

10.2.5.1. Connectivity and OLM Operator deployment
Link kopieren

Operators can be deployed anywhere a catalog is running.

  • For clusters that are connected to the internet, mirroring images is not required. Images can be pulled over the network.
  • For restricted networks in which MicroShift has access to an internal network only, images must be mirrored to an internal registry.
  • For use cases in which MicroShift clusters are completely offline, all images must be embedded into an osbuild blueprint.

To deploy different operators to different namespaces, use this procedure. For MicroShift clusters that have network connectivity, Operator Lifecycle Manager (OLM) can access sources hosted on remote registries. The following procedure lists the basic steps of using configuration files to install an Operator that uses the global namespace.

Note

To use an Operator installed in a different namespace, or in more than one namespace, make sure that the catalog source and the Subscription CR that references the Operator are running in the openshift-marketplace namespace.

Prerequisites

  • The OpenShift CLI (oc) is installed.
  • Operator Lifecycle Manager (OLM) is installed.
  • You have created a custom catalog in the global namespace.

Procedure

  1. Confirm that OLM is running by using the following command: 

    $ oc -n openshift-operator-lifecycle-manager get pod -l app=olm-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                            READY   STATUS    RESTARTS   AGE
olm-operator-85b5c6786-n6kbc    1/1     Running   0          2m24s
    Copy to Clipboard Toggle word wrap

  2. Confirm that the OLM catalog Operator is running by using the following command: 

    $ oc -n openshift-operator-lifecycle-manager get pod -l app=catalog-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                                READY   STATUS    RESTARTS   AGE
catalog-operator-5fc7f857b6-tj8cf   1/1     Running   0          2m33s
    Copy to Clipboard Toggle word wrap

Note

The following steps assume you are using the global namespace, openshift-marketplace. The catalog must run in the same namespace as the Operator. The Operator must support the AllNamespaces mode.

  1. Create the CatalogSource object by using the following example YAML:

    Example catalog source YAML

    apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: operatorhubio-catalog
  namespace: openshift-marketplace
    1 
    
spec:
  sourceType: grpc
  image: quay.io/operatorhubio/catalog:latest
  displayName: Community Operators
    2 
    
  publisher: OperatorHub.io
  grpcPodConfig:
    securityContextConfig: restricted
    3 
    
  updateStrategy:
    registryPoll:
      interval: 60m
    Copy to Clipboard Toggle word wrap

    1
    The global namespace. Setting the metadata.namespace to openshift-marketplace enables the catalog to run in all namespaces. Subscriptions in any namespace can reference catalogs created in the openshift-marketplace namespace.
    2
    Community Operators are not installed by default with OLM for MicroShift. Listed here for example only.
    3
    The value of securityContextConfig must be set to restricted for MicroShift.

  2. Apply the CatalogSource configuration by running the following command: 

    $ oc apply -f <catalog_source.yaml>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <catalog-source.yaml> with your catalog source configuration file name. In this example, catalogsource.yaml is used.

    Example output

    catalogsource.operators.coreos.com/operatorhubio-catalog created
    Copy to Clipboard Toggle word wrap

  3. To verify that the catalog source is applied, check for the READY state by using the following command: 

    $ oc describe catalogsources.operators.coreos.com -n openshift-marketplace operatorhubio-catalog
    Copy to Clipboard Toggle word wrap

    Example output

    Name:         operatorhubio-catalog
Namespace:    openshift-marketplace
Labels:       <none>
Annotations:  <none>
API Version:  operators.coreos.com/v1alpha1
Kind:         CatalogSource
Metadata:
  Creation Timestamp:  2024-01-31T09:55:31Z
  Generation:          1
  Resource Version:    1212
  UID:                 4edc1a96-83cd-4de9-ac8c-c269ca895f3e
Spec:
  Display Name:  Community Operators
  Grpc Pod Config:
    Security Context Config:  restricted
  Image:                      quay.io/operatorhubio/catalog:latest
  Publisher:                  OperatorHub.io
  Source Type:                grpc
  Update Strategy:
    Registry Poll:
      Interval:  60m
Status:
  Connection State:
    Address:              operatorhubio-catalog.openshift-marketplace.svc:50051
    Last Connect:         2024-01-31T09:55:57Z
    Last Observed State:  READY
    1 
    
  Registry Service:
    Created At:         2024-01-31T09:55:31Z
    Port:               50051
    Protocol:           grpc
    Service Name:       operatorhubio-catalog
    Service Namespace:  openshift-marketplace
Events:                 <none>
    Copy to Clipboard Toggle word wrap

    1
    The status is reported as READY.

  4. Confirm that the catalog source is running by using the following command: 

    $ oc get pods -n openshift-marketplace -l olm.catalogSource=operatorhubio-catalog
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                          READY   STATUS    RESTARTS   AGE
operatorhubio-catalog-x24nh   1/1     Running   0          59s
    Copy to Clipboard Toggle word wrap

  5. Create a Subscription CR configuration file by using the following example YAML:

    Example Subscription custom resource YAML

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: my-cert-manager
  namespace: openshift-operators
spec:
  channel: stable
  name: cert-manager
  source: operatorhubio-catalog
  sourceNamespace: openshift-marketplace
    1
    Copy to Clipboard Toggle word wrap

    1
    The global namespace. Setting the sourceNamespace value to openshift-marketplace enables Operators to run in multiple namespaces if the catalog also runs in the openshift-marketplace namespace.

  6. Apply the Subscription CR configuration by running the following command: 

    $ oc apply -f <subscription_cr.yaml>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <subscription_cr.yaml> with your Subscription CR filename.

    Example output

    subscription.operators.coreos.com/my-cert-manager created
    Copy to Clipboard Toggle word wrap

  7. You can create a configuration file for the specific Operand you want to use and apply it now.

Verification

  1. Verify that your Operator is running by using the following command: 

    $ oc get pods -n openshift-operators
    1
    Copy to Clipboard Toggle word wrap
    1
    The namespace from the Subscription CR is used.
    Note

    Allow a minute or two for the Operator start.

    Example output

    NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-7df8994ddb-4vrkr              1/1     Running   0          19s
cert-manager-cainjector-5746db8fd7-69442   1/1     Running   0          18s
cert-manager-webhook-f858bf58b-748nt       1/1     Running   0          18s
    Copy to Clipboard Toggle word wrap

Use this procedure if you want to specify a namespace for an Operator, for example, olm-microshift. In this example, the catalog is scoped and available in the global openshift-marketplace namespace. The Operator uses content from the global namespace, but runs only in the olm-microshift namespace. For MicroShift clusters that have network connectivity, Operator Lifecycle Manager (OLM) can access sources hosted on remote registries.

Important

All of the Operators installed in a specific namespace must have the same watch scope. In this case, the watch scope is OwnNamespace.

Prerequisites

  • The OpenShift CLI (oc) is installed.
  • Operator Lifecycle Manager (OLM) is installed.
  • You have created a custom catalog that is running in the global namespace.

Procedure

  1. Confirm that OLM is running by using the following command: 

    $ oc -n openshift-operator-lifecycle-manager get pod -l app=olm-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                           READY   STATUS    RESTARTS   AGE
olm-operator-85b5c6786-n6kbc   1/1     Running   0          16m
    Copy to Clipboard Toggle word wrap

  2. Confirm that the OLM catalog Operator is running by using the following command: 

    $ oc -n openshift-operator-lifecycle-manager get pod -l app=catalog-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                                READY   STATUS    RESTARTS   AGE
catalog-operator-5fc7f857b6-tj8cf   1/1     Running   0          16m
    Copy to Clipboard Toggle word wrap

  3. Create a namespace by using the following example YAML:

    Example namespace YAML

    apiVersion: v1
kind: Namespace
metadata:
  name: olm-microshift
    Copy to Clipboard Toggle word wrap

  4. Apply the namespace configuration using the following command: 

    $ oc apply -f <ns.yaml>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <ns.yaml> with the name of your namespace configuration file. In this example, olm-microshift is used.

    Example output

    namespace/olm-microshift created
    Copy to Clipboard Toggle word wrap

  5. Create the Operator group YAML by using the following example YAML:

    Example Operator group YAML

    kind: OperatorGroup
apiVersion: operators.coreos.com/v1
metadata:
  name: og
  namespace: olm-microshift
spec:
    1 
    
  targetNamespaces:
  - olm-microshift
    Copy to Clipboard Toggle word wrap

    1
    For Operators using the global namespace, omit the spec.targetNamespaces field and values.

  6. Apply the Operator group configuration by running the following command: 

    $ oc apply -f <og.yaml>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <og.yaml> with the name of your operator group configuration file.

    Example output

    operatorgroup.operators.coreos.com/og created
    Copy to Clipboard Toggle word wrap

  7. Create the CatalogSource object by using the following example YAML:

    Example catalog source YAML

    apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: operatorhubio-catalog
  namespace: openshift-marketplace
    1 
    
spec:
  sourceType: grpc
  image: quay.io/operatorhubio/catalog:latest
  displayName: Community Operators
    2 
    
  publisher: OperatorHub.io
  grpcPodConfig:
    securityContextConfig: restricted
    3 
    
  updateStrategy:
    registryPoll:
      interval: 60m
    Copy to Clipboard Toggle word wrap

    1
    The global namespace. Setting the metadata.namespace to openshift-marketplace enables the catalog to run in all namespaces. Subscriptions CRs in any namespace can reference catalogs created in the openshift-marketplace namespace.
    2
    Community Operators are not installed by default with OLM for MicroShift. Listed here for example only.
    3
    The value of securityContextConfig must be set to restricted for MicroShift.

  8. Apply the CatalogSource configuration by running the following command: 

    $ oc apply -f <catalog_source.yaml>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <catalog_source.yaml> with your catalog source configuration file name.

  9. To verify that the catalog source is applied, check for the READY state by using the following command: 

    $ oc describe catalogsources.operators.coreos.com -n openshift-marketplace operatorhubio-catalog
    Copy to Clipboard Toggle word wrap

    Example output

    Name:         operatorhubio-catalog
Namespace:    openshift-marketplace
Labels:       <none>
Annotations:  <none>
API Version:  operators.coreos.com/v1alpha1
Kind:         CatalogSource
Metadata:
  Creation Timestamp:  2024-01-31T10:09:46Z
  Generation:          1
  Resource Version:    2811
  UID:                 60ce4a36-86d3-4921-b9fc-84d67c28df48
Spec:
  Display Name:  Community Operators
  Grpc Pod Config:
    Security Context Config:  restricted
  Image:                      quay.io/operatorhubio/catalog:latest
  Publisher:                  OperatorHub.io
  Source Type:                grpc
  Update Strategy:
    Registry Poll:
      Interval:  60m
Status:
  Connection State:
    Address:              operatorhubio-catalog.openshift-marketplace.svc:50051
    Last Connect:         2024-01-31T10:10:04Z
    Last Observed State:  READY
    1 
    
  Registry Service:
    Created At:         2024-01-31T10:09:46Z
    Port:               50051
    Protocol:           grpc
    Service Name:       operatorhubio-catalog
    Service Namespace:  openshift-marketplace
Events:                 <none>
    Copy to Clipboard Toggle word wrap

    1
    The status is reported as READY.

  10. Confirm that the catalog source is running by using the following command: 

    $ oc get pods -n openshift-marketplace -l olm.catalogSource=operatorhubio-catalog
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                          READY   STATUS    RESTARTS   AGE
operatorhubio-catalog-j7sc8   1/1     Running   0          43s
    Copy to Clipboard Toggle word wrap

  11. Create a Subscription CR configuration file by using the following example YAML:

    Example Subscription custom resource YAML

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: my-gitlab-operator-kubernetes
  namespace: olm-microshift
    1 
    
spec:
  channel: stable
  name: gitlab-operator-kubernetes
  source: operatorhubio-catalog
  sourceNamespace: openshift-marketplace
    2
    Copy to Clipboard Toggle word wrap

    1
    The specific namespace. Operators reference the global namespace for content, but run in the olm-microshift namespace.
    2
    The global namespace. Subscriptions CRs in any namespace can reference catalogs created in the openshift-marketplace namespace.

  12. Apply the Subscription CR configuration by running the following command: 

    $ oc apply -f <subscription_cr.yaml>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <subscription_cr.yaml> with the name of the Subscription CR configuration file.

    Example output

    subscription.operators.coreos.com/my-gitlab-operator-kubernetes
    Copy to Clipboard Toggle word wrap

  13. You can create a configuration file for the specific Operand you want to use and apply it now.

Verification

  1. Verify that your Operator is running by using the following command: 

    $ oc get pods -n olm-microshift
    1
    Copy to Clipboard Toggle word wrap
    1
    The namespace from the Subscription CR is used.
    Note

    Allow a minute or two for the Operator start.

    Example output

    NAME                                         READY   STATUS    RESTARTS   AGE
gitlab-controller-manager-69bb6df7d6-g7ntx   2/2     Running   0          3m24s
    Copy to Clipboard Toggle word wrap

10.3. Creating custom Operator catalogs using the oc-mirror plugin
Link kopieren

You can create custom catalogs with widely available Operators and mirror them by using the oc-mirror OpenShift CLI (oc) plugin.

10.3.1. Using Red Hat-provided Operator catalogs and mirror registries
Link kopieren

You can filter catalogs and delete images to get specific Operators and mirror them by using the oc-mirror OpenShift CLI (oc) plugin. You can also use Operators in disconnected settings or embedded in a Red Hat Enterprise Linux (RHEL) image.

  • To understand more about how to configure your systems for mirroring, follow the links in the following "Additional resources" section.
  • If you are ready to deploy Operators from Red Hat-provided Operator catalogs, mirror them, or to embed them in a RHEL image, start with the following section, "Inspecting catalog contents by using the oc-mirror plugin."

10.3.2. About the oc-mirror plugin for creating a mirror registry
Link kopieren

You can use the oc-mirror OpenShift CLI (oc) plugin with MicroShift to filter and delete images from Operator catalogs. You can then mirror the filtered catalog contents to a mirror registry or use the container images in disconnected or offline deployments.

The procedure to mirror content from Red Hat-hosted registries connected to the internet to a disconnected image registry is the same, independent of the registry you select. After you mirror the contents of your catalog, configure each cluster to retrieve this content from your mirror registry.

10.3.2.1. Connectivity considerations when populating a mirror registry
Link kopieren

When you populate your registry, you can use one of following connectivity scenarios:

Connected mirroring
If you have a host that can access both the internet and your mirror registry, but not your cluster node, you can directly mirror the content from that machine.
Disconnected mirroring

If you do not have a host that can access both the internet and your mirror registry, you must mirror the images to a file system and then bring that host or removable media into your disconnected environment.

Important

A container registry must be reachable by every machine in the cluster that you provision. Installing, updating, and other operations, such as relocating workloads, fail if the registry is unreachable.

To avoid problems caused by an unreachable registry, use the following standard practices:

  • Run mirror registries in a highly available way.
  • Ensure that the mirror registry at least matches the production availability of your clusters.

10.3.3. Inspecting catalog contents by using the oc-mirror plugin
Link kopieren

Use the following example procedure to select a catalog and list OpenShift Container Platform Operators to add to your oc-mirror plugin image set configuration file. You must use oc mirror v1 to selecting a catalog and listing Operators.

Note

If you use your own catalogs and Operators, you can push the images directly to your internal registry.

Prerequisites

  • You uninstalled OpenShift CLI (oc).
  • You installed the Operator Lifecycle Manager (OLM).
  • You installed the oc-mirror plugin.

Procedure

  1. Get a list of available Red Hat-provided Operator catalogs to filter by running the following command: 

    $ oc mirror list operators --version 4.19 --catalogs
    Copy to Clipboard Toggle word wrap

  2. Get a list of Operators in the Red Hat Operators catalog by running the following command: 

    $ oc mirror list operators <--catalog=<catalog_source>>
    1
    Copy to Clipboard Toggle word wrap
    1
    Specifies your catalog source, such as registry.redhat.io/redhat/redhat-operator-index:v4.19 or quay.io/operatorhubio/catalog:latest.
  3. Select an Operator. This example uses the amq-broker-rhel9 Operator.

  4. Optional: To inspect the channels and versions of the Operator you want to filter, enter the following commands:

    1. Get a list of channels by running the following command: 

      $ oc mirror list operators --catalog=registry.redhat.io/redhat/redhat-operator-index:v4.19 --package=amq-broker-rhel9
      Copy to Clipboard Toggle word wrap

    2. Get a list of versions within a channel by running the following command: 

      $ oc mirror list operators --catalog=registry.redhat.io/redhat/redhat-operator-index:v4.19 --package=amq-broker-rhel9 --channel=7.13.x
      Copy to Clipboard Toggle word wrap

Next steps

  • Create and edit an image set configuration file using the information gathered in this procedure.
  • Mirror the images from the transformed image set configuration file to a mirror registry or disk.

10.3.4. Creating an image set configuration file
Link kopieren

You must create an ImageSetConfiguration YAML file. This image set configuration file specifies both the Operators to mirror and the configuration settings for the oc-mirror plugin. Edit the contents of the image set configuration file so that the entries are compatible with both MicroShift and the Operator you plan to use.

Note

oc mirror v2 uses a cache system instead of metadata. The cache system prevents the need to start the entire mirroring process over when a single step fails. Instead, you can troubleshoot the failed step and the process does not re-mirror images that existed before the failure.

Prerequisites

Procedure

  1. Create and edit the ImageSetConfiguration YAML for MicroShift by using the following example as a guide:

    Example edited MicroShift image set configuration file

    kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v2alpha1
mirror:
  operators:
  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.19
    1 
    
    packages:
    - name: amq-broker-rhel9
    2 
    
      channels:
      - name: 7.13.x
    3 
    
  additionalImages:
    4 
    
   - name: quay.io/rh_ee_aguidi/multi-platform-container:latest
   - name: quay.io/rh_ee_aguidi/empty-image:latest
    Copy to Clipboard Toggle word wrap

    1
    Set the Operator catalog to retrieve images from.
    2
    Specify the Operator packages to include in the image set. Remove this field to retrieve all packages in the catalog.
    3
    Specify only certain channels of the Operator packages to include in the image set. You must always include the default channel for the Operator package even if you do not use the bundles in that channel. You can find the default channel by running the following command: oc mirror list operators --catalog=<catalog_name> --package=<package_name>.
    4
    Specify any additional images to include in the image set. If you do not need to specify additional images, delete this field.
    Important

    The platform field, related fields, and Helm are not supported by MicroShift.

  2. Save the updated file as ImageSetConfiguration.yaml.

Next steps

  • Use the oc-mirror plugin to mirror an image set directly to a target mirror registry.
  • Configure CRI-O.
  • Apply the catalog sources to your clusters.

10.3.4.1. ImageSet configuration parameters for oc-mirror plugin v2
Link kopieren

The oc-mirror plugin v2 requires an image set configuration file that defines what images to mirror. The following table lists the available parameters for the ImageSetConfiguration resource.

Note

Using the minVersion and maxVersion properties to filter for a specific Operator version range can result in a multiple channel heads error. The error message states that there are multiple channel heads. This is because when the filter is applied, the update graph of the Operator is truncated.

OLM requires that every Operator channel contains versions that form an update graph with exactly one end point, that is, the latest version of the Operator. When the filter range is applied, that graph can turn into two or more separate graphs or a graph that has more than one end point.

To avoid this error, do not filter out the latest version of an Operator. If you still run into the error, depending on the Operator, either the maxVersion property must be increased or the minVersion property must be decreased. Because every Operator graph can be different, you might need to adjust these values until the error resolves.

Expand
Table 10.2. ImageSetConfiguration parameters
ParameterDescriptionValues

apiVersion

The API version of the ImageSetConfiguration content.

String Example: mirror.openshift.io/v2alpha1

mirror

The configuration of the image set.

Object

mirror.additionalImages

The additional images configuration of the image set.

Array of objects

Example: 

additionalImages:
  - name: registry.redhat.io/ubi8/ubi:latest
Copy to Clipboard Toggle word wrap

mirror.additionalImages.name

The tag or digest of the image to mirror.

String Example: registry.redhat.io/ubi8/ubi:latest

mirror.blockedImages

List of images with a tag or digest (SHA) to block from mirroring.

Array of strings Example: docker.io/library/alpine

mirror.operators

The Operators configuration of the image set.

Array of objects

Example: 

operators:
  - catalog: registry.redhat.io/redhat/redhat-operator-index:4.19
    packages:
      - name: elasticsearch-operator
        minVersion: '2.4.0'
Copy to Clipboard Toggle word wrap

mirror.operators.catalog

The Operator catalog to include in the image set.

String Example: registry.redhat.io/redhat/redhat-operator-index:v4.15

mirror.operators.full

When true, downloads the full catalog, Operator package, or Operator channel.

Boolean The default value is false.

mirror.operators.packages

The Operator packages configuration.

Array of objects

Example: 

operators:
  - catalog: registry.redhat.io/redhat/redhat-operator-index:4.19
    packages:
      - name: elasticsearch-operator
        minVersion: '5.2.3-31'
Copy to Clipboard Toggle word wrap

mirror.operators.packages.name

The Operator package name to include in the image set.

String Example: elasticsearch-operator

mirror.operators.packages.channels

Operator package channel configuration

Object

mirror.operators.packages.channels.name

The Operator channel name, unique within a package, to include in the image set.

String Eample: fast or stable-v4.15

mirror.operators.packages.channels.maxVersion

The highest version of the Operator mirror across all channels in which it exists.

String Example: 5.2.3-31

mirror.operators.packages.channels.minVersion

The lowest version of the Operator to mirror across all channels in which it exists

String Example: 5.2.3-31

mirror.operators.packages.maxVersion

The highest version of the Operator to mirror across all channels in which it exists.

String Example: 5.2.3-31

mirror.operators.packages.minVersion

The lowest version of the Operator to mirror across all channels in which it exists.

String Example: 5.2.3-31

mirror.operators.targetCatalog

An alternative name and optional namespace hierarchy to mirror the referenced catalog as

String Example: my-namespace/my-operator-catalog

mirror.operators.targetCatalogSourceTemplate

Path on disk for a template to use to complete catalogSource custom resource generated by oc-mirror plugin v2.

String Example: /tmp/catalog-source_template.yaml Example of a template file: 

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: discarded
  namespace: openshift-marketplace
spec:
  image: discarded
  sourceType: grpc
  updateStrategy:
    registryPoll:
      interval: 30m0s
Copy to Clipboard Toggle word wrap

mirror.operators.targetTag

An alternative tag to append to the targetName or targetCatalog.

String Example: v1

10.3.4.1.1. DeleteImageSetConfiguration parameters
Link kopieren

To use remove images with the oc-mirror plugin v2, you must use a DeleteImageSetConfiguration.yaml configuration file that defines which images to delete from the mirror registry. The following table lists the available parameters for the DeleteImageSetConfiguration resource.

Expand
Table 10.3. DeleteImageSetConfiguration parameters
ParameterDescriptionValues

apiVersion

The API version for the DeleteImageSetConfiguration content.

String Example: mirror.openshift.io/v2alpha1

delete

The configuration of the image set to delete.

Object

delete.additionalImages

The additional images configuration of the delete image set.

Array of objects Example: 

additionalImages:
  - name: registry.redhat.io/ubi8/ubi:latest
Copy to Clipboard Toggle word wrap

delete.additionalImages.name

The tag or digest of the image to delete.

String Example: registry.redhat.io/ubi8/ubi:latest

delete.operators

The Operators configuration of the delete image set.

Array of objects Example: 

operators:
  - catalog: registry.redhat.io/redhat/redhat-operator-index:{product-version}
    packages:
      - name: elasticsearch-operator
        minVersion: '2.4.0'
Copy to Clipboard Toggle word wrap

delete.operators.catalog

The Operator catalog to include in the delete image set.

String Example: registry.redhat.io/redhat/redhat-operator-index:v4.15

delete.operators.full

When true, deletes the full catalog, Operator package, or Operator channel.

Boolean The default value is false

delete.operators.packages

Operator packages configuration

Array of objects Example: 

operators:
  - catalog: registry.redhat.io/redhat/redhat-operator-index:{product-version}
    packages:
      - name: elasticsearch-operator
        minVersion: '5.2.3-31'
Copy to Clipboard Toggle word wrap

delete.operators.packages.name

The Operator package name to include in the delete image set.

String Example: elasticsearch-operator

delete.operators.packages.channels

Operator package channel configuration

Object

delete.operators.packages.channels.name

The Operator channel name, unique within a package, to include in the delete image set.

String Example: fast or stable-v4.15

delete.operators.packages.channels.maxVersion

The highest version of the Operator to delete within the selected channel.

String Example: 5.2.3-31

delete.operators.packages.channels.minVersion

The lowest version of the Operator to delete within the selection in which it exists.

String Example: 5.2.3-31

delete.operators.packages.maxVersion

The highest version of the Operator to delete across all channels in which it exists.

String Example: 5.2.3-31

delete.operators.packages.minVersion

The lowest version of the Operator to delete across all channels in which it exists.

String Example: 5.2.3-31

10.3.5. Mirroring from mirror to mirror
Link kopieren

You can use the oc-mirror plugin to mirror an image set directly to a target mirror registry that is accessible during image set creation.

Prerequisites

  • You have access to the internet to get the required container images.
  • You installed the OpenShift CLI (oc).
  • You installed the oc-mirror CLI plugin.
  • You created the image set configuration file.

Procedure

  • Mirror the images from the specified image set configuration to a specified registry by running the following command: 

    $ oc-mirror --config imageset-config.yaml --workspace file://<emphasis><v2_workspace></emphasis> \
    1 
    
  docker://<emphasis><remote_registry></emphasis> --v2
    2
    Copy to Clipboard Toggle word wrap
    1
    You must use the --workspace flag for the mirror-to-mirror process. Replace <v2_workspace> with the directory you want to use to store custom resources for the mirroring process.
    2
    Replace <remote_registry> with the name of the registry to mirror the image set file to. The registry must start with docker://. If you specify a top-level namespace for the mirror registry, you must also use this same namespace on later executions.

    Example output

    Rendering catalog image "registry.example.com/redhat/redhat-operator-index:v{ocp-version}" with file-based catalog
    Copy to Clipboard Toggle word wrap

    Important

    You must use the ImageDigestMirrorSet YAML file as reference content for manual configuration of CRI-O in MicroShift. You cannot apply the resource directly into a MicroShift cluster.

Verification

  1. List the contents of the cluster-resources subdirectory by running the following command: 

    $ ls <v2_workspace>/working-dir/cluster-resources/
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <v2_workspace> with the directory you used to store custom resources for the mirroring process.

Next steps

  • Convert the ImageDigestMirrorSet YAML content for use in manually configuring CRI-O.
  • If required, mirror the images from mirror to disk for disconnected or offline use.

Troubleshooting

10.3.6. Configuring CRI-O for using a registry mirror for Operators
Link kopieren

You must transform the ImageDigestMirrorSet YAML file created with the oc-mirror plugin into a format that is compatible with the CRI-O container runtime configuration used by MicroShift.

Prerequisites

  • The OpenShift CLI (oc) is installed.
  • You installed Operator Lifecycle Manager (OLM).
  • You installed the oc-mirror plugin.
  • You installed the yq binary.
  • The ImageDigestMirrorSet and CatalogSource YAML files are available in the cluster-resources subdirectory.

Procedure

  1. Confirm the contents of the ImageDigestMirrorSet YAML file by running the following command: 

    $ cat <v2_workspace>/working-dir/cluster-resources/imagedigestmirrorset.yaml
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <v2_workspace> with the directory name that you used when you generated mirroring resources.

    Example output

    apiVersion: config.openshift.io/v1
kind: ImageDigestMirrorSet
metadata:
  labels:
    operators.openshift.org/catalog: "true"
  name: operator-0
spec:
  imageDigestMirrors:
  - mirrors:
    - registry.example.com/amq7
    source: registry.redhat.io/amq7
    Copy to Clipboard Toggle word wrap

  2. Transform the imagedigestmirrorset.yaml into a format ready for CRI-O configuration by running the following command: 

    yq '.spec.imageDigestMirrors[] as $item ireduce([]; . + [{"mirror": $item.mirrors[], "source": ($item | .source)}]) | .[] |
  "[[registry]]
      prefix = \"" + .source + "\"
      location = \"" + .mirror + "\"
      mirror-by-digest-only = true
      insecure = true
      "' ./mirror1/working-dir/cluster-resources/imagedigestmirrorset.yaml
    Copy to Clipboard Toggle word wrap

    Example output

    [[registry]]
      prefix = "registry.redhat.io/amq7"
      location = "registry.example.com/amq7"
      mirror-by-digest-only = true
      insecure = true
    Copy to Clipboard Toggle word wrap

  3. Add the output to the CRI-O configuration file in the /etc/containers/registries.conf.d/ directory:

    Example crio-config.yaml mirror configuration file

    [[registry]]
      prefix = "registry.redhat.io/amq7"
      location = "registry.example.com/amq7"
      mirror-by-digest-only = true
      insecure = true

[[registry]]
    prefix = ""
    location = "quay.io"
    mirror-by-digest-only = true
[[registry.mirror]]
    location = "<registry_host>:<port>"
    1 
    
    insecure = false
    Copy to Clipboard Toggle word wrap

    1
    Specify the hostname and port of your mirror registry server, for example microshift-quay:8443.

  4. Apply the CRI-O configuration changes by restarting MicroShift with the following command: 

    $ sudo systemctl restart crio
    Copy to Clipboard Toggle word wrap

10.3.7. Installing a custom catalog created with the oc-mirror plugin
Link kopieren

After you mirror your image set to the mirror registry, you must apply the generated CatalogSource custom resource (CR) into the cluster. Operator Lifecycle Manager (OLM) uses the CatalogSource CR to retrieve information about the available Operators in the mirror registry. You must then create and apply a subscription CR to subscribe to your custom catalog.

Prerequisites

  • You mirrored the image set to your registry mirror.
  • You added image reference information to the CRI-O container runtime configuration.

Procedure

  1. Apply the catalog source configuration file from the results directory to create the catalog source object by running the following command: 

    $ oc apply -f ./<v2_workspace>/working-dir/cluster-resources/catalogSource-cs-redhat-catalog.yaml
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <v2_workspace> with the directory you used to store custom resources for the mirroring process.

    Example output

    catalogsource.operators.coreos.com/cs-redhat-catalog created
    Copy to Clipboard Toggle word wrap

  2. For reference, see the following example file:

    Example catalog source configuration file

    apiVersion: operators.coreos.com/v2alpha1
kind: CatalogSource
metadata:
  name: redhat-catalog
  namespace: openshift-marketplace
    1 
    
spec:
  sourceType: grpc
  image: registry.example.com/redhat/redhat-catalog:v4.19
  updateStrategy:
    registryPoll:
      interval: 60m
    Copy to Clipboard Toggle word wrap

    1
    Specifies the global namespace. Setting the metadata.namespace to openshift-marketplace enables the catalog to reference catalogs in all namespaces. Subscriptions in any namespace can reference catalogs created in the openshift-marketplace namespace.

  3. Verify that the CatalogSource resources were successfully installed by running the following command: 

    $ oc get catalogsource --all-namespaces
    Copy to Clipboard Toggle word wrap

    Example output

    NAMESPACE               NAME                  DISPLAY               TYPE   PUBLISHER   AGE
openshift-marketplace   certified-operators   Certified Operators   grpc   Red Hat     37m
openshift-marketplace   community-operators   Community Operators   grpc   Red Hat     37m
openshift-marketplace   redhat-marketplace    Red Hat Marketplace   grpc   Red Hat     37m
openshift-marketplace   redhat-catalog        Red Hat Catalog     grpc   Red Hat     37m
    Copy to Clipboard Toggle word wrap

  4. Verify that the catalog source is running by using the following command: 

    $ oc get pods -n openshift-marketplace
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                             READY   STATUS    RESTARTS   AGE
cs-redhat-catalog-4227b   2/2     Running   0          2m5s
    Copy to Clipboard Toggle word wrap

  5. Create a Subscription CR, similar to the following example:

    Example Subscription CR

    apiVersion: operators.coreos.com/v2alpha1
kind: Subscription
metadata:
  name: amq-broker
  namespace: openshift-operators
spec:
  channel: 7.13.x
  name: amq-broker-rhel9
  source: cs-redhat-catalog
  sourceNamespace: openshift-marketplace
    Copy to Clipboard Toggle word wrap

  6. Apply the Subscription CR configuration by running the following command: 

    $ oc apply -f ./<subscription_cr.yaml>
    1
    Copy to Clipboard Toggle word wrap
    1
    Specify the name of your subscription in <subscription_cr.yaml>, for example amq—​broker-subscription-cr.yaml.

    Example output

    subscription.operators.coreos.com/amq-broker created
    Copy to Clipboard Toggle word wrap

10.4. Adding OLM-based Operators to a disconnected cluster
Link kopieren

You can use OLM-based Operators in disconnected situations by embedding them in a Red Hat Enterprise Linux for Edge (RHEL for Edge) image.

10.4.1. About adding OLM-based Operators to a disconnected cluster
Link kopieren

For Operators that are installed on disconnected clusters, Operator Lifecycle Manager (OLM) by default cannot access sources hosted on remote registries because those remote sources require full internet connectivity. Therefore, you must mirror the remote registries to a highly available container registry.

The following steps are required to use OLM-based Operators in disconnected situations:

  • Include OLM in the container image list for your mirror registry.
  • Configure the system to use your mirror registry by updating your CRI-O configuration directly. ImageContentSourcePolicy is not supported in MicroShift.
  • Add a CatalogSource object to the cluster so that the OLM catalog Operator can use the local catalog on the mirror registry.
  • Ensure that MicroShift is installed to run in a disconnected capacity.
  • Ensure that the network settings are configured to run in disconnected mode.

After enabling OLM in a disconnected cluster, you can continue to use your internet-connected workstation to keep your local catalog sources updated as newer versions of Operators are released.

10.4.1.1. Performing a dry run
Link kopieren

You can use oc-mirror to perform a dry run, without actually mirroring any images. A dry run means you can review the list of images to be mirrored. You can catch any errors with your image set configuration early by using a dry run, or use the generated list of images with other tools to conduct mirroring.

Prerequisites

  • You have access to the internet to obtain the necessary container images.
  • You installed the OpenShift CLI (oc).
  • You installed the oc-mirror CLI plugin.
  • You created the image set configuration file.

Procedure

  1. Run the oc mirror command with the --dry-run flag to perform a dry run: 

    $ oc-mirror --config <ImageSetConfig.yaml> docker://localhost:5000 --workspace file://<outm2m> --dry-run --v2
    Copy to Clipboard Toggle word wrap

    where:

    ImageSetConfig.yaml
    Specifies the name of the image set configuration file that you created.
    docker://localhost:5000
    Specifies the mirror registry. Nothing is mirrored to this registry when you use the --dry-run flag.
    --workspace file://<outm2m>
    Insert the address of the workspace path.
    --dry-run
    The dry run flag generates the dry run artifacts and not an actual image set file.
    --v2

    Specifies oc mirror v2.

    Example output

    2025/08/25 15:50:44  [INFO]   : 👋 Hello, welcome to oc-mirror
2025/08/25 15:50:44  [INFO]   : ⚙  setting up the environment for you...
2025/08/25 15:50:44  [INFO]   : 🔀 workflow mode: mirrorToMirror
2025/08/25 15:50:44  [INFO]   : 🕵  going to discover the necessary images...
2025/08/25 15:50:44  [INFO]   : 🔍 collecting release images...
2025/08/25 15:50:44  [INFO]   : 🔍 collecting operator images...
 ✓   (1m30s) Collecting catalog registry.redhat.io/redhat/redhat-operator-index:v4.20
2025/08/25 15:52:14  [INFO]   : 🔍 collecting additional images...
2025/08/25 15:52:14  [INFO]   : 📄 list of all images for mirroring in : wspace/working-dir/dry-run/mapping.txt
2025/08/25 15:52:14  [INFO]   : mirror time     : 1m30.399585837s
2025/08/25 15:52:14  [INFO]   : 👋 Goodbye, thank you for using oc-mirror
    Copy to Clipboard Toggle word wrap

  2. Review the mapping.txt file that was generated by running the following command: 

    $ cat wspace/working-dir/dry-run/mapping.txt
    Copy to Clipboard Toggle word wrap

    Example output

    docker://registry.redhat.io/amq8/amq-broker-rhel9@sha256:47fd4ce2533496828aba37bd1f9715e2164d5c90bd0fc6b25e7e0786d723bf01=docker://mirror.com/amq8/amq-broker-rhel9:sha256-47fd4ce2533496828aba37bd1f9715e2164d5c90bd0fc6b25e7e0786d723bf01
docker://registry.redhat.io/amq8/amq-broker-init-rhel9@sha256:9cc48eecf1442ae04b8543fa5d4381a13bc2831390850828834d387006d1342b=docker://mirror.com/amq7/amq-broker-init-rhel9:sha256-9cc48eecf1442ae04b8543fa5d4381a13bc2831390850828834d387006d1342b
docker://registry.redhat.io/amq8/amq-broker-rhel9@sha256:bb6fbd68475a7852b4d99eea6c4ab313f9267da7963162f0d75375d7063409e7=docker://mirror.com/amq8/amq-broker-rhel9:sha256-bb6fbd68475a7852b4d99eea6c4ab313f9267da7963162f0d75375d7063409e7
docker://registry.redhat.io/amq8/amq-broker-rhel9@sha256:d42d713da0ce6806fdc6492b6342586783e6865a82a8647d3c4288439b1751ee=docker://mirror.com/amq8/amq-broker-rhel9:sha256-d42d713da0ce6806fdc6492b6342586783e6865a82a8647d3c4288439b1751ee
docker://registry.redhat.io/amq8/amq-broker-init-rhel9@sha256:ffffa9875f0379e9373f89f05eb06e5a193273bb04bc3aa5f85b044357b79098=docker://mirror.com/amq8/amq-broker-init-rhel9:sha256-ffffa9875f0379e9373f89f05eb06e5a193273bb04bc3aa5f85b044357b79098
    Copy to Clipboard Toggle word wrap

10.4.1.2. Getting catalogs and Operator container image references
Link kopieren

After performing a dry run with the oc-mirror plugin to review the list of images that you want to mirror, you must get all of the container image references, then format the output for adding to an image builder blueprint.

Note

For catalogs made for proprietary Operators, you can format image references for the image builder blueprint without using the following procedure.

Prerequisites

  • You have a catalog index for the Operators you want to use.
  • You have installed the jq CLI tool.
  • You are familiar with image builder blueprint files.
  • You have an image builder blueprint TOML file.

Procedure

  1. Parse the catalog index.json file to get the image references that you need to include in the image builder blueprint. You can use either the unfiltered catalog or you can filter out images that cannot be mirrored:

    1. Parse the unfiltered catalog index.json file to get the image references by running the following command: 

      jq -r --slurp '.[] | select(.relatedImages != null) | "[[containers]]\nsource = \"" + .relatedImages[].image + "\"\n"'   ./oc-mirror-workspace/src/catalogs/registry.redhat.io/redhat/redhat-operator-index/v4.19/index/index.json
      Copy to Clipboard Toggle word wrap

    2. If you want to filter out images that cannot be mirrored, filter and parse the catalog index.json file by running the following command: 

      $ jq -r --slurp '.[] | select(.relatedImages != null) | .relatedImages[] | select(.name |  contains("ppc") or contains("s390x") | not) | "[[containers]]\\nsource = \\"" + .image + "\\"\\n"' ./oc-mirror-workspace/src/catalogs/registry.redhat.io/redhat/redhat-operator-index/v4.19/index/index.json
      Copy to Clipboard Toggle word wrap
      Note

      This step uses the AMQ Broker Operator as an example. You can add other criteria to the jq command for further filtering as required by your use case.

      Example image-reference output

      [[containers]]
source = "registry.redhat.io/amq8/amq-broker-init-rhel9@sha256:0b2126cfb6054fdf428c1f43b69e36e93a09a49ce15350e9273c98cc08c6598b"

[[containers]]
source = "registry.redhat.io/amq8/amq-broker-init-rhel9@sha256:0dde839c2dce7cb684094bf26523c8e16677de03149a0fff468b8c3f106e1f4f"
...
...

[[containers]]
source = "registry.redhat.io/amq8/amq-broker-rhel9@sha256:e8fa2a00e576ecb95561ffbdbf87b1c82d479c8791ab2c6ce741dd0d0b496d15"

[[containers]]
source = "registry.redhat.io/amq8/amq-broker-rhel9@sha256:ff6fefad518a6c997d4c5a6e475ba89640260167f0bc27715daf3cc30116fad1"
…
EOF
      Copy to Clipboard Toggle word wrap

      Important

      For mirrored and disconnected use cases, ensure that all of the sources filtered from your catalog index.json file are digests. If any of the sources use tags instead of digests, the Operator installation fails. Tags require an internet connection.

  2. View the imageset-config.yaml to get the catalog image reference for the CatalogSource custom resource (CR) by running the following command: 

    $ cat imageset-config.yaml
    Copy to Clipboard Toggle word wrap

    Example output

    kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v2alpha1
mirror:
  operators:
  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.19
    1 
    
    packages:
    - name: amq-broker-rhel9
      channels:
      - name: 7.13.x
    Copy to Clipboard Toggle word wrap

    1
    Use the value in the mirror.catalog catalog image reference for the following jq command to get the image digest. In this example, <registry.redhat.io/redhat/redhat-operator-index:v4.19>.

  3. Get the SHA of the catalog index image by running the following command: 

    $ skopeo inspect docker://<registry.redhat.io/redhat/redhat-operator-index:v{product-version}> | jq .Digest
    1
    Copy to Clipboard Toggle word wrap
    1
    Use the value in the mirror.catalog catalog image reference for the jq command to get the image digest. In this example, <registry.redhat.io/redhat/redhat-operator-index:v4.19>.

    Example output

    "sha256:7a76c0880a839035eb6e896d54ebd63668bb37b82040692141ba39ab4c539bc6"
    Copy to Clipboard Toggle word wrap

  4. To get ready to add the image references to your image builder blueprint file, format the catalog image reference by using the following example: 

    [[containers]]
source = "registry.redhat.io/redhat/redhat-operator-index@sha256:7a76c0880a839035eb6e896d54ebd63668bb37b82040692141ba39ab4c539bc6"
    Copy to Clipboard Toggle word wrap

  5. Add the image references from all of the previous steps to the image builder blueprint.

    Generated image builder blueprint example snippet

    name = "microshift_blueprint"
description = "MicroShift 4.19.1 on x86_64 platform"
version = "0.0.1"
modules = []
groups = []

[[packages]]
    1 
    
name = "microshift"
version = "4.19.1"
...
...

[customizations.services]
    2 
    
enabled = ["microshift"]

[customizations.firewall]
ports = ["22:tcp", "80:tcp", "443:tcp", "5353:udp", "6443:tcp", "30000-32767:tcp", "30000-32767:udp"]
...
...

[[containers]]
    3 
    
source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f41e79c17e8b41f1b0a5a32c3e2dd7cd15b8274554d3f1ba12b2598a347475f4"

[[containers]]
source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dbc65f1fba7d92b36cf7514cd130fe83a9bd211005ddb23a8dc479e0eea645fd"
...
...

[[containers]]
    4 
    
source = "registry.redhat.io/redhat/redhat-operator-index@sha256:7a76c0880a839035eb6e896d54ebd63668bb37b82040692141ba39ab4c539bc6"
...
...

[[containers]]
source = "registry.redhat.io/amq8/amq-broker-init-rhel9@sha256:0dde839c2dce7cb684094bf26523c8e16677de03149a0fff468b8c3f106e1f4f"
...
...

[[containers]]
source = "registry.redhat.io/amq8/amq-broker-rhel9@sha256:e8fa2a00e576ecb95561ffbdbf87b1c82d479c8791ab2c6ce741dd0d0b496d15"

[[containers]]
source = "registry.redhat.io/amq8/amq-broker-rhel9@sha256:ff6fefad518a6c997d4c5a6e475ba89640260167f0bc27715daf3cc30116fad1"
…
EOF
    Copy to Clipboard Toggle word wrap

    1
    References for all non-optional MicroShift RPM packages using the same version compatible with the microshift-release-info RPM.
    2
    References for automatically enabling MicroShift on system startup and applying default networking settings.
    3
    References for all non-optional MicroShift container images necessary for a disconnected deployment.
    4
    References for the catalog index.

After you have created a RHEL for Edge image for a disconnected environment and configured MicroShift networking settings for disconnected use, you can configure the namespace and create catalog and Operator custom resources (CR) for running your Operators.

Prerequisites

  • You have a RHEL for Edge image.
  • Networking is configured for disconnected use.
  • You completed the oc-mirror plugin dry run procedure.

Procedure

  1. Create a CatalogSource custom resource (CR), similar to the following example:

    Example my-catalog-source-cr.yaml file

    apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: cs-redhat-operator-index
  namespace: openshift-marketplace
    1 
    
spec:
  image: registry.example.com/redhat/redhat-operator-index:v4.17
  sourceType: grpc
  displayName:
  publisher:
  updateStrategy:
    registryPoll:
      interval: 60m
    Copy to Clipboard Toggle word wrap

    1
    The global namespace. Setting the metadata.namespace to openshift-marketplace enables the catalog to run in all namespaces. Subscriptions in any namespace can reference catalogs created in the openshift-marketplace namespace.
    Note

    The default pod security admission definition for openshift-marketplace is baseline, therefore a catalog source custom resource (CR) created in that namespace does not require a spec.grpcPodConfig.securityContextConfig value to be set. You can set a legacy or restricted value if required for the namespace and Operators you want to use.

  2. Add the SHA of the catalog index commit to the Catalog Source (CR), similar to the following example:

    Example namespace spec.image configuration

    apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: cs-redhat-operator-index
  namespace: openshift-marketplace
spec:
  image: registry.example.com/redhat/redhat-operator-index@sha256:7a76c0880a839035eb6e896d54ebd63668bb37b82040692141ba39ab4c539bc6
    1 
    
  sourceType: grpc
  displayName:
  publisher:
  updateStrategy:
    registryPoll:
      interval: 60m
    Copy to Clipboard Toggle word wrap

    1
    The SHA of the image commit. Use the same SHA you added to the image builder blueprint.
    Important

    You must use the SHA instead of a tag in your catalog CR or the pod fails to start.

  3. Apply the YAML file from the oc-mirror plugin dry run results directory to the cluster by running the following command: 

    $ oc apply -f ./oc-mirror-workspace/results-1708508014/catalogSource-cs-redhat-operator-index.yaml
    Copy to Clipboard Toggle word wrap

    Example output

    catalogsource.operators.coreos.com/cs-redhat-operator-index created
    Copy to Clipboard Toggle word wrap

  4. Verify that the CatalogSource resources were successfully installed by running the following command: 

    $ oc get catalogsource --all-namespaces
    Copy to Clipboard Toggle word wrap

  5. Verify that the catalog source is running by using the following command: 

    $ oc get pods -n openshift-marketplace
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                             READY   STATUS    RESTARTS   AGE
cs-redhat-operator-index-4227b   2/2     Running   0          2m5s
    Copy to Clipboard Toggle word wrap

  6. Create a Subscription CR, similar to the following example:

    Example my-subscription-cr.yaml file

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: amq-broker
  namespace: openshift-operators
spec:
  channel: 7.11.x
  name: amq-broker-rhel8
  source: cs-redhat-operator-index
  sourceNamespace: openshift-marketplace
    Copy to Clipboard Toggle word wrap

  7. Apply the Subscription CR by running the following command: 

    $ oc apply -f ./<my-subscription-cr.yaml>
    1
    Copy to Clipboard Toggle word wrap
    1
    Specify the name of your Subscription CR, such as my-subscription-cr.yaml.

    Example output

    subscription.operators.coreos.com/amq-broker created
    Copy to Clipboard Toggle word wrap

Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat