14.2. Understanding disconnected installation mirroring
You can use a mirror registry for disconnected installations and to ensure that your clusters only use container images that satisfy your organization’s controls on external content. Before you install a cluster on infrastructure that you provision in a disconnected environment, you must mirror the required container images into that environment. To mirror container images, you must have a registry for mirroring.
14.2.1. Mirroring images for a disconnected installation through the Agent-based Installer Copier lienLien copié sur presse-papiers!
You can use one of the following procedures to mirror your OpenShift Container Platform image repository to your mirror registry:
14.2.2. About mirroring the OpenShift Container Platform image repository for a disconnected registry Copier lienLien copié sur presse-papiers!
To use mirror images for a disconnected installation with the Agent-based Installer, you must modify the install-config.yaml
file.
You can mirror the release image by using the output of either the oc adm release mirror
or oc mirror
command. This is dependent on which command you used to set up the mirror registry. The following example shows the output of the oc adm release mirror
command.
oc adm release mirror
$ oc adm release mirror
Exemple de sortie
Use the output of the command to update the imageContentSources
field in the install-config.yaml
file. Additionally, add the certificate file used for the mirror registry to the additionalTrustBundle
field.
Example install-config.yaml
file
additionalTrustBundle: | -----BEGIN CERTIFICATE----- ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ -----END CERTIFICATE-----
additionalTrustBundle: |
-----BEGIN CERTIFICATE-----
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-----END CERTIFICATE-----
The value must be the contents of the certificate file that you used for your mirror registry. The certificate file can be an existing, trusted certificate authority, or the self-signed certificate that you generated for the mirror registry.
If you are using the optional method of the ZTP manifests, there are two mirror configuration files: registries.conf
and ca- bundle.crt
. These files must be added to the mirror/directory
path to add the mirror configuration in the agent ISO image.
You can create the registries.conf
file from the output of either the oc adm release mirror
or oc mirror
command. The format of the /etc/containers/registries.conf
file has changed . It is now version 2 and in TOML format.
Example registries.conf
file