Chapter 4. Installing the Red Hat Integration - AMQ Interconnect Operator in a restricted environment


In a production environment which has no or limited internet access, installing the Red Hat Integration - AMQ Interconnect Operator as described in Chapter 3, Adding the Red Hat Integration - AMQ Interconnect Operator is not possible. This section explains how to install Red Hat Integration - AMQ Interconnect Operator in a restricted environment by mirroring the required components to the cluster.

Prerequisites

  • A OpenShift Container Platform cluster version 4.6, 4.7, 4.8, 4.9 or 4.10
  • A RHEL machine with:

    • podman version 1.9.3 or later
    • The opm CLI as described in the OpenShift documentation
    • The oc CLI version 4.9.9 or later
  • Network access

    • network access to the Red Hat Container Registry
    • network access to the OpenShift Container Platform cluster
Note

You only need access to the Red Hat Container Registry while mirroring. You do not need simultaneous access to the Red Hat Container Registry and the OpenShift Container Platform cluster.

The steps required are described in the following sections:

4.1. Setting up the OpenShift Container Platform cluster

Complete the following steps on the OpenShift Container Platform cluster to prepare for the mirroring process:

  1. Log into the cluster as cluster-admin.
  2. Disable the sources for the default catalogs using either the CLI or the OpenShift console:

    1. For the CLI, set disableAllDefaultSources: true for OperatorHub:

      $ oc patch OperatorHub cluster --type json \
      -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
    2. For the OpenShift console, navigate to Administration Cluster Settings Configuration OperatorHub.

      On the OperatorHub page, click the Sources tab, and disable the sources.

4.2. Creating the AMQ Interconnect images on a RHEL machine

Complete the following steps on the RHEL machine to prepare for the mirroring process:

Prerequisites

  • Access to registry.redhat.io

    1. Login to registry.redhat.io from the RHEL machine.

      $ podman login -u USERNAME -p PASSWORD registry.redhat.io
    2. Keep only the Interconnect Operator in the list of operators:

      $ opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v<openshift-version> -p amq7-interconnect-operator -t <cluster-domain>:<registry-port>/iib:my-operator-iib

      where

      • <openshift-version> is the version of OpenShift Container Platform, for example, 4.9.
      • <cluster-domain> is the domain name for the OpenShift Container Platform cluster, for example, mycluster.example.com.
      • <registry-port> is the port number used by the registry in the OpenShift Container Platform cluster, the default being 5000.

      Verify that you have only created a podman image of the Interconnect Operator:

      $ podman images | grep my-operator-iib <cluster-domain>:<registry-port>/iib
      
      my-operator-iib  39b6148e6981  3 days ago     138 MB

4.3. Pushing images to the OpenShift Container Platform cluster

Prerequisites

  • Access from the RHEL machine to the OpenShift Container Platform cluster.

    1. From the RHEL machine, push the image to the cluster registry :

      $ podman push <cluster-domain>:<registry-port>/iib:my-operator-iib
    2. Create the three files required for the mirroring process :

      $ /usr/local/bin/oc adm catalog mirror  \
        <cluster-domain>:<registry-port>/iib:my-operator-iib \
        <cluster-domain>:<registry-port> \
        -a /home/customer-user/.docker/config.json \
        --insecure=true \
        --registry-config /home/customer-user/.docker/config.json \
        --index-filter-by-os=linux/amd64 \
        --manifests-only
    3. Make sure that the following files exist:

      • catalogSource.yaml - A YAML file describing the catalogSource.
      • imageContentSourcePolicy.yaml - A YAML file that maps the images in the internal registry with the addresses from RedHat registries.
      • mapping.txt- A text file that drives the mirroring process of the images to the internal registry.
    4. Edit mapping.txt to list only the images you want to mirror.

      The file has the following format:

      [ Operator address on RedHat registry : Operator SHA ] = [ Operator address on internal mirror registry : tag ]

      Example of a mapping.txt file :

      registry.redhat.io/amq7/amq-interconnect@sha256:6101cc735e4d19cd67c6d80895c425ecf6f1d2604d88f999fa0cae57a7d6abaf=<cluster-domain>:<registry-port>/amq7-amq-interconnect:f793b0cc
      registry.redhat.io/amq7/amq-interconnect-operator@sha256:8dd53290c909589590b88a1544d854b4ad9f8b4a639189597c0a59579bc60c40=<cluster-domain>:<registry-port>/amq7-amq-interconnect-operator:73c142ff
      registry.redhat.io/amq7/amq-interconnect-operator-metadata@sha256:799ce48905d5d2a91b42e2a7943ce9b756aa9da80f6924be06b2a6275ac90214=<cluster-domain>:<registry-port>/amq7-amq-interconnect-operator-metadata:14cc4a4e
    5. Mirror the required images

      $ /usr/local/bin/oc image mirror \
        -f mapping-ic.yaml \
        -a /home/customer-user/.docker/config.json \
        --insecure=true \
        --registry-config /home/customer-user/.docker/config.json \
        --keep-manifest-list=true
    6. Configure the ImageContentSourcePolicy (ICSP) name:

      Set the field 'name' in the file imageContentSourcePolicy.yaml, for example, my-operator-icsp

      Example of a ICSP snippet :

      ---
      apiVersion: operator.openshift.io/v1alpha1
      kind: ImageContentSourcePolicy
      metadata:
          labels:
              operators.openshift.org/catalog: "true"
          name: my-operator-icsp
      spec:
          repositoryDigestMirrors:
          - mirrors:
              - <cluster-domain>:<registry-port>/amq7-amq-interconnect-operator
              source: registry.redhat.io/amq7/amq-interconnect-operator
    7. Apply the policy (ICSP) file :

      $ /usr/local/bin/oc create -f imageContentSourcePolicy.yaml

      After you apply this file, all cluster nodes are reset automatically. You can check the nodes status using oc get nodes or in the OpenShift console by navigating to Compute Nodes.

      Note

      Make sure all nodes are in Ready state before you continue.

    8. Configure the catalogSource name :

      Set the field name in the catalogSource.yaml file, for example, my-operator-catalog

      Example of a catalogSource.yaml file:

      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: iib
        namespace: openshift-marketplace
      spec:
        image: <cluster-domain>:<registry-port>/iib:my-operator-iib
        sourceType: grpc
    9. Apply the catalog source configuration to complete the installation of the Red Hat Integration - AMQ Interconnect Operator:

      $ /usr/local/bin/oc apply -f catalogSource.yaml
    10. Make sure the installation is working by deploying a router as described in Section 5.1, “Creating an interior router deployment”
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.