Chapter 4. Installing the Red Hat Integration - AMQ Interconnect Operator in a restricted environment
In a production environment which has no or limited internet access, installing the Red Hat Integration - AMQ Interconnect Operator as described in Chapter 3, Adding the Red Hat Integration - AMQ Interconnect Operator is not possible. This section explains how to install Red Hat Integration - AMQ Interconnect Operator in a restricted environment by mirroring the required components to the cluster.
Prerequisites
- A OpenShift Container Platform cluster version 4.6, 4.7, 4.8, 4.9 or 4.10
A RHEL machine with:
-
podman
version 1.9.3 or later -
The
opm
CLI as described in the OpenShift documentation -
The
oc
CLI version 4.9.9 or later
-
Network access
- network access to the Red Hat Container Registry
- network access to the OpenShift Container Platform cluster
You only need access to the Red Hat Container Registry while mirroring. You do not need simultaneous access to the Red Hat Container Registry and the OpenShift Container Platform cluster.
The steps required are described in the following sections:
4.1. Setting up the OpenShift Container Platform cluster
Complete the following steps on the OpenShift Container Platform cluster to prepare for the mirroring process:
-
Log into the cluster as
cluster-admin
. Disable the sources for the default catalogs using either the CLI or the OpenShift console:
For the CLI, set
disableAllDefaultSources: true
for OperatorHub:$ oc patch OperatorHub cluster --type json \ -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
For the OpenShift console, navigate to Administration
Cluster Settings Configuration OperatorHub. On the OperatorHub page, click the Sources tab, and disable the sources.
4.2. Creating the AMQ Interconnect images on a RHEL machine
Complete the following steps on the RHEL machine to prepare for the mirroring process:
Prerequisites
Access to
registry.redhat.io
Login to
registry.redhat.io
from the RHEL machine.$ podman login -u USERNAME -p PASSWORD registry.redhat.io
Keep only the Interconnect Operator in the list of operators:
$ opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v<openshift-version> -p amq7-interconnect-operator -t <cluster-domain>:<registry-port>/iib:my-operator-iib
where
-
<openshift-version> is the version of OpenShift Container Platform, for example,
4.9
. -
<cluster-domain> is the domain name for the OpenShift Container Platform cluster, for example,
mycluster.example.com
. -
<registry-port> is the port number used by the registry in the OpenShift Container Platform cluster, the default being
5000
.
Verify that you have only created a podman image of the Interconnect Operator:
$ podman images | grep my-operator-iib <cluster-domain>:<registry-port>/iib my-operator-iib 39b6148e6981 3 days ago 138 MB
-
<openshift-version> is the version of OpenShift Container Platform, for example,
4.3. Pushing images to the OpenShift Container Platform cluster
Prerequisites
Access from the RHEL machine to the OpenShift Container Platform cluster.
From the RHEL machine, push the image to the cluster registry :
$ podman push <cluster-domain>:<registry-port>/iib:my-operator-iib
Create the three files required for the mirroring process :
$ /usr/local/bin/oc adm catalog mirror \ <cluster-domain>:<registry-port>/iib:my-operator-iib \ <cluster-domain>:<registry-port> \ -a /home/customer-user/.docker/config.json \ --insecure=true \ --registry-config /home/customer-user/.docker/config.json \ --index-filter-by-os=linux/amd64 \ --manifests-only
Make sure that the following files exist:
-
catalogSource.yaml
- A YAML file describing the catalogSource. -
imageContentSourcePolicy.yaml
- A YAML file that maps the images in the internal registry with the addresses from RedHat registries. -
mapping.txt
- A text file that drives the mirroring process of the images to the internal registry.
-
Edit
mapping.txt
to list only the images you want to mirror.The file has the following format:
[ Operator address on RedHat registry : Operator SHA ] = [ Operator address on internal mirror registry : tag ]
Example of a
mapping.txt
file :registry.redhat.io/amq7/amq-interconnect@sha256:6101cc735e4d19cd67c6d80895c425ecf6f1d2604d88f999fa0cae57a7d6abaf=<cluster-domain>:<registry-port>/amq7-amq-interconnect:f793b0cc registry.redhat.io/amq7/amq-interconnect-operator@sha256:8dd53290c909589590b88a1544d854b4ad9f8b4a639189597c0a59579bc60c40=<cluster-domain>:<registry-port>/amq7-amq-interconnect-operator:73c142ff registry.redhat.io/amq7/amq-interconnect-operator-metadata@sha256:799ce48905d5d2a91b42e2a7943ce9b756aa9da80f6924be06b2a6275ac90214=<cluster-domain>:<registry-port>/amq7-amq-interconnect-operator-metadata:14cc4a4e
Mirror the required images
$ /usr/local/bin/oc image mirror \ -f mapping-ic.yaml \ -a /home/customer-user/.docker/config.json \ --insecure=true \ --registry-config /home/customer-user/.docker/config.json \ --keep-manifest-list=true
Configure the
ImageContentSourcePolicy
(ICSP) name:Set the field 'name' in the file imageContentSourcePolicy.yaml, for example,
my-operator-icsp
Example of a ICSP snippet :
--- apiVersion: operator.openshift.io/v1alpha1 kind: ImageContentSourcePolicy metadata: labels: operators.openshift.org/catalog: "true" name: my-operator-icsp spec: repositoryDigestMirrors: - mirrors: - <cluster-domain>:<registry-port>/amq7-amq-interconnect-operator source: registry.redhat.io/amq7/amq-interconnect-operator
Apply the policy (ICSP) file :
$ /usr/local/bin/oc create -f imageContentSourcePolicy.yaml
After you apply this file, all cluster nodes are reset automatically. You can check the nodes status using
oc get nodes
or in the OpenShift console by navigating to ComputeNodes. NoteMake sure all nodes are in Ready state before you continue.
Configure the catalogSource name :
Set the field
name
in thecatalogSource.yaml
file, for example,my-operator-catalog
Example of a
catalogSource.yaml
file:apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: iib namespace: openshift-marketplace spec: image: <cluster-domain>:<registry-port>/iib:my-operator-iib sourceType: grpc
Apply the catalog source configuration to complete the installation of the Red Hat Integration - AMQ Interconnect Operator:
$ /usr/local/bin/oc apply -f catalogSource.yaml
- Make sure the installation is working by deploying a router as described in Section 5.1, “Creating an interior router deployment”