diff --git a/acm/Makefile b/acm/Makefile index 3bd29bd7c..ac5182de8 100644 --- a/acm/Makefile +++ b/acm/Makefile @@ -3,10 +3,8 @@ DEPLOY_ENV ?= personal-dev $(shell ../templatize.sh $(DEPLOY_ENV) config.tmpl.mk config.mk) include config.mk -MCE_OPERATOR_BUNDLE_IMAGE ?= quay.io/acm-d/mce-operator-bundle:v2.7.0-110 -REGISTRY ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io/acm-d-mce -# once MCE 2.7 is released, we can find the official bundle image here -# https://catalog.redhat.com/software/containers/multicluster-engine/mce-operator-bundle/6160406290fb938ecf6009c6 +MCE_OPERATOR_BUNDLE_IMAGE ?= registry.redhat.io/multicluster-engine/mce-operator-bundle:v2.7.0-116 +REGISTRY ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io MCE_OPERATOR_BUNDLE_FILE = mce-operator-bundle.tgz HELM_BASE_DIR = deploy/helm @@ -14,6 +12,7 @@ MCE_CHART_DIR = ${HELM_BASE_DIR}/multicluster-engine MCE_CONFIG_DIR = ${HELM_BASE_DIR}/multicluster-engine-config MCE_NS = multicluster-engine POLICY_HELM_REPO = https://github.com/stolostron/mce-install-kube.git +POLICY_HELM_REPO_BRANCH = release-2.12 deploy: @kubectl create namespace ${MCE_NS} --dry-run=client -o json | kubectl apply -f - @@ -23,7 +22,8 @@ deploy: --set imageRegistry=${REGISTRY} helm upgrade --install --wait --wait-for-jobs \ mce-config ${MCE_CONFIG_DIR} \ - --namespace ${MCE_NS} + --namespace ${MCE_NS} \ + --set global.registryOverride=${REGISTRY} helm-chart: @podman pull --arch amd64 ${MCE_OPERATOR_BUNDLE_IMAGE} @@ -37,14 +37,11 @@ helm-chart: @echo "Cloning remote mce-install-kube repository..." TMP_DIR=$$(mktemp -d) && \ - git clone ${POLICY_HELM_REPO} $$TMP_DIR && \ + git clone --branch ${POLICY_HELM_REPO_BRANCH} ${POLICY_HELM_REPO} $$TMP_DIR && \ rm -rf ${MCE_CONFIG_DIR}/charts && \ mkdir -p ${MCE_CONFIG_DIR}/charts && \ cp -r $$TMP_DIR/policy ${MCE_CONFIG_DIR}/charts && \ rm -rf $$TMP_DIR @echo "Helm chart imported successfully." -import-chart: - - .PHONY: deploy helm-chart diff --git a/acm/README.md b/acm/README.md index d476ae000..54c19442b 100644 
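Review bot: `MCE_OPERATOR_BUNDLE_IMAGE` is pinned by tag (`:v2.7.0-116`) and the policy chart by branch (`POLICY_HELM_REPO_BRANCH = release-2.12`, used by `git clone --branch` in the `helm-chart` hunk), so both inputs to `make helm-chart` are mutable references. Two runs can vendor different content without any change to this Makefile. Since the generated charts are committed, consider referencing the bundle by digest and printing the cloned revision in the recipe, e.g. `git -C $$TMP_DIR rev-parse HEAD && \` right after the clone, so a reviewer can tie the vendored chart to an upstream commit. The `helm-chart` recipe also leaves `$$TMP_DIR` behind when any step before the final `rm -rf $$TMP_DIR` fails; its body starts above the hunk.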
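Review bot: `--set global.registryOverride=${REGISTRY}` in `deploy` is a required input rather than an optional override. The parent chart's `values.yaml` in this commit defaults `global.registryOverride` to `""`, and the policy templates render images as `{{ .Values.global.registryOverride}}/{{ … }}`, so an install that omits the flag would produce image references starting with `/`. Parent `global` values take precedence over a subchart's own, so the `registry.redhat.io` default in the policy subchart would not apply. Consider a comment above the flag, `# required: policy templates render <registryOverride>/<repo>@<digest>`, and a check at the top of the recipe that fails when `${REGISTRY}` is empty. The `deploy` recipe starts above this hunk.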
--- a/acm/README.md +++ b/acm/README.md @@ -2,16 +2,26 @@ This folder contains helm charts and automation to managed helm charts for the ACM components `MCE` and `policy`. +## Structure + Installation and configuration are split into two individual helm charts -## multicluster-engine +### multicluster-engine This helm chart installs the MCE operator. The chart is autogenerated from an OLM release-bundle of MCE by running `make helm-chart`. The resulting chart is then commited into the repository. To update MCE, change the `MCE_OPERATOR_BUNDLE_IMAGE` variable in the Makefile. If you are testing pre-releases from the `quay.io/acm-d` organization, make sure the `REGISTRY` env var in the Makefile is set to `${ARO_HCP_IMAGE_ACR}.azurecr.io/acm-d-mce`. For production releases set it to `${ARO_HCP_IMAGE_ACR}.azurecr.io` instead. -## multicluster-engine-config +### multicluster-engine-config This helm chart configures MCE and installs the `policy` component on top of it. The subchart for `policy` is imported into this repo by running `make helm-chart`. It can be found [in the ACM upstream Github org](https://github.com/stolostron/mce-install-kube) and is maintained by the ACM team. Updating `policy` needs to be done with care for now, since the content of the helm chart repo is not tagged. We are working on it. + +## Updating charts + +To update the `multicluster-engine` chart, lookup the desired install MCE OLM bundle on [https://catalog.redhat.com](https://catalog.redhat.com/software/containers/multicluster-engine/mce-operator-bundle/6160406290fb938ecf6009c6) and update the `MCE_OPERATOR_BUNDLE_IMAGE` variable in `Makefile`. + +To update the `multicluster-engine-config/policy` subchart, update the `POLICY_HELM_REPO_BRANCH` variable in the `Makefile` for the desired release. + +Run `make helm-chart` to update all charts. Review and commit all changes to the `deploy/helm` directory. 
diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/Chart.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/Chart.yaml index 21157ea9c..84dcdbfa0 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/Chart.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/Chart.yaml @@ -1,11 +1,11 @@ apiVersion: v2 -appVersion: 2.12.0 -version: 2.12.0 +appVersion: v2.12.0 +version: v2.12.0 description: A Helm chart for ACM addons name: policy dependencies: - name: grc - version: "2.12.0" + version: "v2.12.0" - name: cluster-lifecycle - version: "2.12.0" + version: "v2.12.0" diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/cluster-lifecycle/Chart.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/cluster-lifecycle/Chart.yaml index 31da13e4c..d1da32b98 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/cluster-lifecycle/Chart.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/cluster-lifecycle/Chart.yaml @@ -2,8 +2,8 @@ # Copyright Contributors to the Open Cluster Management project apiVersion: v2 -appVersion: 2.12.0 +appVersion: v2.12.0 description: Helm chart for deploying the cluster lifecycle kubeVersion: ">=1.11.0-0" name: cluster-lifecycle -version: 2.12.0 +version: v2.12.0 diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml index 125442e7d..1cd430e69 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml 
@@ -79,7 +79,7 @@ spec: {{- end }} containers: - name: klusterlet-addon-controller - image: "{{ .Values.global.imageOverrides.klusterlet_addon_controller }}" + image: "{{ .Values.global.registryOverride}}/{{ .Values.global.imageOverrides.klusterlet_addon_controller }}" imagePullPolicy: {{ .Values.global.pullPolicy }} securityContext: allowPrivilegeEscalation: false diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/Chart.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/Chart.yaml index 3dd9d60bd..ca17401e3 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/Chart.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/Chart.yaml @@ -2,10 +2,10 @@ # Copyright Contributors to the Open Cluster Management project apiVersion: v2 -appVersion: 2.12.0 +appVersion: v2.12.0 description: A Helm chart for multicloud grc keywords: - acm - grc name: grc -version: 2.12.0 +version: v2.12.0 diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/templates/grc-policy-addon-controller.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/templates/grc-policy-addon-controller.yaml index a17d5d85d..3adf2adc5 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/templates/grc-policy-addon-controller.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/templates/grc-policy-addon-controller.yaml 
@@ -69,10 +69,10 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: CONFIG_POLICY_CONTROLLER_IMAGE - value: {{ .Values.global.imageOverrides.config_policy_controller }} + value: "{{ .Values.global.registryOverride}}/{{ .Values.global.imageOverrides.config_policy_controller }}" - name: GOVERNANCE_POLICY_FRAMEWORK_ADDON_IMAGE - value: {{ .Values.global.imageOverrides.governance_policy_framework_addon }} - image: {{ .Values.global.imageOverrides.governance_policy_addon_controller }} + value: "{{ .Values.global.registryOverride}}/{{ .Values.global.imageOverrides.governance_policy_framework_addon }}" + image: "{{ .Values.global.registryOverride}}/{{ .Values.global.imageOverrides.governance_policy_addon_controller }}" imagePullPolicy: IfNotPresent name: manager resources: diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/templates/grc-policy-propagator.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/templates/grc-policy-propagator.yaml index 32961c6d9..5d9fbe2db 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/templates/grc-policy-propagator.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/templates/grc-policy-propagator.yaml @@ -81,7 +81,7 @@ spec: fieldPath: metadata.name - name: OPERATOR_NAME value: governance-policy-propagator - image: {{ .Values.global.imageOverrides.governance_policy_propagator }} + image: "{{ .Values.global.registryOverride}}/{{ .Values.global.imageOverrides.governance_policy_propagator }}" imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/values.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/values.yaml index d727960d3..dd1f1531c 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/values.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/charts/grc/values.yaml 
@@ -1,6 +1,7 @@ # Copyright (c) 2020 Red Hat, Inc. global: + registryOverride: "" imageOverrides: governance_policy_propagator: "" governance_policy_addon_controller: "" diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/crds/policy.open-cluster-management.io_policyautomations.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/crds/policy.open-cluster-management.io_policyautomations.yaml index 2a5ed4d4b..6386db481 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/crds/policy.open-cluster-management.io_policyautomations.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/crds/policy.open-cluster-management.io_policyautomations.yaml @@ -56,8 +56,8 @@ spec: x-kubernetes-preserve-unknown-fields: true jobTtl: description: >- - JobTTL sets the time to live for the Kubernetes AnsibleJob object after the Ansible job run has - finished. + JobTTL sets the time to live for the Kubernetes Job object after the Ansible job playbook run + has finished. type: integer name: description: Name of the Ansible Template to run in Ansible Automation @@ -91,6 +91,7 @@ spec: minimum: 0 type: integer eventHook: + default: noncompliant description: >- EventHook specifies the compliance state that initiates automation. This must be set to "noncompliant". @@ -116,7 +117,6 @@ spec: type: string required: - automationDef - - eventHook - mode - policyRef type: object diff --git a/acm/deploy/helm/multicluster-engine-config/charts/policy/values.yaml b/acm/deploy/helm/multicluster-engine-config/charts/policy/values.yaml index 591cbd7d8..4bc148748 100644 --- a/acm/deploy/helm/multicluster-engine-config/charts/policy/values.yaml +++ b/acm/deploy/helm/multicluster-engine-config/charts/policy/values.yaml 
@@ -1,18 +1,12 @@ global: + registryOverride: "registry.redhat.io" imageOverrides: - # upstream images - governance_policy_propagator: "quay.io/stolostron/governance-policy-propagator:2.12.0-SNAPSHOT-2024-09-30-01-46-06" - governance_policy_addon_controller: "quay.io/stolostron/governance-policy-addon-controller:2.12.0-SNAPSHOT-2024-09-30-01-46-06" - config_policy_controller: "quay.io/stolostron/config-policy-controller:2.12.0-SNAPSHOT-2024-09-30-01-46-06" - governance_policy_framework_addon: "quay.io/stolostron/governance-policy-framework-addon:2.12.0-SNAPSHOT-2024-09-30-01-46-06" - klusterlet_addon_controller: "quay.io/stolostron/klusterlet-addon-controller:2.12.0-SNAPSHOT-2024-09-30-01-46-06" + governance_policy_propagator: "rhacm2/governance-policy-propagator-rhel9@sha256:f2fa1a7c7af6379eda44a691de57eb59dc8068aadb98504df7ef4a5e059a0cfa" + governance_policy_addon_controller: "rhacm2/acm-governance-policy-addon-controller-rhel9@sha256:7b2f432d7ea6b9eb9c4df6df88ae3d5bfc261a8d24a5146a04d3465a41d99e10" + config_policy_controller: "rhacm2/config-policy-controller-rhel9@sha256:bad96b2cd7efd604b3ef8092eb72c5a7d33b39732a1a8fe995aa197ead7a5d31" + governance_policy_framework_addon: "rhacm2/acm-governance-policy-framework-addon-rhel9@sha256:a5373e3aed5c8e0ac1427599c3801eccd3b4ff4bdc3f9c0cd7083ff3e34433b3" + klusterlet_addon_controller: "rhacm2/klusterlet-addon-controller-rhel9@sha256:f8188bc955dbc635031e765fb09015926eb350a7484e6c9f2e0af6020e02aa30" - # images in ACM 2.11.2 - # governance_policy_propagator: "registry.redhat.io/rhacm2/governance-policy-propagator-rhel9@sha256:af848e7e31d8ec9b5ad1896a5d5ccc67f320a7740245c190ba8a76757984e65b" - # governance_policy_addon_controller: "registry.redhat.io/rhacm2/acm-governance-policy-addon-controller-rhel9@sha256:fc0708f0a6d5266fb544f41b61d9697d370c8c5e297e4e3f13de8656f9c2b049" - # config_policy_controller: 
"registry.redhat.io/rhacm2/config-policy-controller-rhel9@sha256:cecf914d7fb7759a4f512c1ec53a077dcb1c7e405c22a5bf6af1bf5878cf3c42" - # governance_policy_framework_addon: "registry.redhat.io/rhacm2/acm-governance-policy-framework-addon-rhel9@sha256:a4880f6e82d2b82606203ea855d0418bb29b3d4535f8bc7a9ef4074258c18674" - # klusterlet_addon_controller: "registry.redhat.io/rhacm2/klusterlet-addon-controller-rhel9@sha256:478e3e6cda0d74f43b0f05911d023344108a5cd79d57d5cc9f268ad064848a00" namespace: multicluster-engine pullSecret: open-cluster-management-image-pull-credentials diff --git a/acm/deploy/helm/multicluster-engine-config/values.yaml b/acm/deploy/helm/multicluster-engine-config/values.yaml index d68a71eca..566c559ca 100644 --- a/acm/deploy/helm/multicluster-engine-config/values.yaml +++ b/acm/deploy/helm/multicluster-engine-config/values.yaml @@ -2,6 +2,9 @@ localCluster: kubeApiUrl: https://kubernetes.default.svc addonConfig: applicationManagerEnabled: false - certPolicyControllerEnabled: true + certPolicyControllerEnabled: false policyControllerEnabled: true searchCollectorEnabled: false + +global: + registryOverride: "" diff --git a/acm/deploy/helm/multicluster-engine/Chart.yaml b/acm/deploy/helm/multicluster-engine/Chart.yaml index 131abac41..63b86082c 100644 --- a/acm/deploy/helm/multicluster-engine/Chart.yaml +++ b/acm/deploy/helm/multicluster-engine/Chart.yaml @@ -7,6 +7,6 @@ keywords: - multiclusterengine name: multicluster-engine sources: -- oci://quay.io/acm-d/mce-operator-bundle:v2.7.0-110 +- oci://registry.redhat.io/multicluster-engine/mce-operator-bundle:v2.7.0-116 type: application version: 2.7.0 diff --git a/acm/deploy/helm/multicluster-engine/templates/multicluster-engine-operator.deployment.yaml b/acm/deploy/helm/multicluster-engine/templates/multicluster-engine-operator.deployment.yaml index b50db827f..183031900 100644 --- a/acm/deploy/helm/multicluster-engine/templates/multicluster-engine-operator.deployment.yaml 
+++ b/acm/deploy/helm/multicluster-engine/templates/multicluster-engine-operator.deployment.yaml 
@@ -57,80 +57,80 @@ spec: fieldRef: fieldPath: metadata.namespace - name: OPERAND_IMAGE_ADDON_MANAGER - value: '{{ .Values.imageRegistry }}/multicluster-engine/addon-manager-rhel9@sha256:3a2d6035027382c001eff5ec49c50804818d36fa40defc8b36487a8bb5c74637' + value: '{{ .Values.imageRegistry }}/multicluster-engine/addon-manager-rhel9@sha256:25cdce9461a24748fc6631fa4394b813deabdb27d0c95956508d2a38c504a6a9' - name: OPERAND_IMAGE_ASSISTED_IMAGE_SERVICE - value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-image-service-rhel9@sha256:dfec5080d0d7e71834648c29c367aff336371b197fa3301bdcdaed0f148a1440' + value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-image-service-rhel9@sha256:e1623f5819b3c3a1c79584846eb09c92583a3e88b47fd421d6b72ceccee857d0' - name: OPERAND_IMAGE_ASSISTED_INSTALLER - value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-installer-rhel9@sha256:23c0fc8624a2d0f6257d9e02cc13a15c0b04a3bf514d87c94b1fc47e9fe23b07' + value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-installer-rhel9@sha256:b030580e10ae9daa3832e1755e80b0638e5de1673b5bca2e34c742e507a900cd' - name: OPERAND_IMAGE_ASSISTED_INSTALLER_AGENT - value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-installer-agent-rhel9@sha256:9b05bab596ab41ec0fc734202dd2d170aef57dccc3aed86577f43d0b44b74a72' + value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-installer-agent-rhel9@sha256:2e71067d7e28e0b9e8463653be16b9bad711f3f05b0007dabd5282b88f32df05' - name: OPERAND_IMAGE_ASSISTED_INSTALLER_CONTROLLER - value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-installer-controller-rhel9@sha256:86bef67d5275612a26f4c738691951eb75c5f591ccafccd26c68dc9f5dbe3c59' + value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-installer-controller-rhel9@sha256:07eb099581b1c8b65a05e80f876b58ac4fa9e3435634db52de5a22010cb7aeff' - name: OPERAND_IMAGE_ASSISTED_SERVICE_8 - value: '{{ .Values.imageRegistry 
}}/multicluster-engine/assisted-service-8-rhel8@sha256:3b21e10c2d71d7587ea863fc99175ac9e5607bc54ee067d0be42769f8de2ef10' + value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-service-8-rhel8@sha256:e8260d0a6187638cc1a2219d553b8a681a026c80621335c6984675cef308aa57' - name: OPERAND_IMAGE_ASSISTED_SERVICE_9 - value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-service-9-rhel9@sha256:47328c195447b5928aee72c7d4039e46ed955c2df27b22f3dda936220314b81c' + value: '{{ .Values.imageRegistry }}/multicluster-engine/assisted-service-9-rhel9@sha256:0e34d52ac6173678a7a7ebdc0ea9554c47876f2dcb4526a815a541d3762a5a5f' - name: OPERAND_IMAGE_BACKPLANE_MUST_GATHER - value: '{{ .Values.imageRegistry }}/multicluster-engine/must-gather-rhel9@sha256:5bf03dd58dabd95c7243a3b27ecf6a703803dd1904a5714401581ceca84ca7cf' + value: '{{ .Values.imageRegistry }}/multicluster-engine/must-gather-rhel9@sha256:8d7dd9a280551430eb9cb57709c8e0f6dc135bab306ed34b57b13d07d05e9719' - name: OPERAND_IMAGE_CLUSTER_API - value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-api-rhel9@sha256:4f9f2ee158f090d8e958988ceb0cec56271531cbc6be9b128c5d18e9777829da' + value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-api-rhel9@sha256:13276174e2955fdee35e2e1fa84de1be25229da2672b37f6c9ad4ed2a3eb5954' - name: OPERAND_IMAGE_CLUSTER_API_PROVIDER_AGENT - value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:75fb058973d276f6dd33cc3b07b484794531c41882e03516fc117e7f9e780eef' + value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:883427857d3960b365d0d8714b867f5a0c712be5a053b41779bc7feb2b95207d' - name: OPERAND_IMAGE_CLUSTER_API_PROVIDER_KUBEVIRT - value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:a0077b2c2a59f9c8fbdd8a3605f0d461060e43f0bd0ad29ac3027995b04ef852' + value: '{{ .Values.imageRegistry 
}}/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:0abf3c9c3db13749b4399de6ef162a00ec63ae18e6dc6e4c96a4d332f83bea18' - name: OPERAND_IMAGE_CLUSTERCLAIMS_CONTROLLER - value: '{{ .Values.imageRegistry }}/multicluster-engine/clusterclaims-controller-rhel9@sha256:ae228c4d3191b04cbd9c534e17e944d17b9cce5957012b3d672d89134d4e98fc' + value: '{{ .Values.imageRegistry }}/multicluster-engine/clusterclaims-controller-rhel9@sha256:4aeb801c624bffaa44c108bbad030f44cb69699564b06b7c12143d0c5b5db61c' - name: OPERAND_IMAGE_CLUSTER_CURATOR_CONTROLLER - value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-curator-controller-rhel9@sha256:a1b70852434d3c29ebfe8717e529a4e91c65009ccb4b7d05e3b1ff466b252113' + value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-curator-controller-rhel9@sha256:f2025f357f1b7c3b516a66ece247a50fcceb048dff758944098efe672b020db2' - name: OPERAND_IMAGE_CLUSTER_IMAGE_SET_CONTROLLER - value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-image-set-controller-rhel9@sha256:64f3a1ccfa1c15f8f0cce33a37082919544f97fecccaa389436704043052b579' + value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-image-set-controller-rhel9@sha256:d082cea8410f0f5f3684cbc1583519f17300d119ef3fb04e7876f03ea7b53da3' - name: OPERAND_IMAGE_CLUSTERLIFECYCLE_STATE_METRICS - value: '{{ .Values.imageRegistry }}/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:cebc895269458c2652de11e7b060f2765491ad9494d432dd6088756042ddc443' + value: '{{ .Values.imageRegistry }}/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:bf5bb514e4d8af5e38317c3727d4cd9f90c22b293fe3e2367f9f0e179e0ee0c7' - name: OPERAND_IMAGE_CLUSTER_PROXY_ADDON - value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-proxy-addon-rhel9@sha256:0fe206e859c6ff4000d1a26641890fae10a95f7cddae6bc0472b05d685ca618e' + value: '{{ .Values.imageRegistry 
}}/multicluster-engine/cluster-proxy-addon-rhel9@sha256:87a3811feac15c463e6410d6d64653cc5b22915a1c9408d41713b54c94ffb6c1' - name: OPERAND_IMAGE_CLUSTER_PROXY - value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-proxy-rhel9@sha256:241ce844db29e2f0af726bcb262bf9214702664121729da8b785c6283919dffe' + value: '{{ .Values.imageRegistry }}/multicluster-engine/cluster-proxy-rhel9@sha256:3b2f833933763026fc0a5e3e86872d32432a50389a9c7d2f71e17d501bd219f1' - name: OPERAND_IMAGE_CONSOLE_MCE - value: '{{ .Values.imageRegistry }}/multicluster-engine/console-mce-rhel9@sha256:967e6d0bb0655bbd2959d052d0049d52aad4e440dae8fa31f17dffa86787d5fa' + value: '{{ .Values.imageRegistry }}/multicluster-engine/console-mce-rhel9@sha256:407f44993e8b14e99990360333e1af3f7097591396f9cf56479b2b8438d47dca' - name: OPERAND_IMAGE_DISCOVERY_OPERATOR - value: '{{ .Values.imageRegistry }}/multicluster-engine/discovery-rhel9@sha256:07d2c496361b786320657f215edbaa83661e396b391834ad8d5862ae951a3f31' + value: '{{ .Values.imageRegistry }}/multicluster-engine/discovery-rhel9@sha256:2a03d06f5c412a896c491cbcbf00b2883980835fd94737482042c06d6a68022c' - name: OPERAND_IMAGE_HYPERSHIFT_ADDON_OPERATOR - value: '{{ .Values.imageRegistry }}/multicluster-engine/hypershift-addon-rhel9-operator@sha256:8ac8df86a5f715c9065ff30602eb6d803f67d7a7550f0a805376c99fa793e8be' + value: '{{ .Values.imageRegistry }}/multicluster-engine/hypershift-addon-rhel9-operator@sha256:af40c47a901c3c1851104427d3fd9db1f0cb6205e37917dc87af57facc90d75d' - name: OPERAND_IMAGE_HYPERSHIFT_CLI - value: '{{ .Values.imageRegistry }}/multicluster-engine/hypershift-cli-rhel9@sha256:fc53d8bda8b4c9f05ee48c4ed11ed5682c5f493c996ca98646f99a9e9d7a4875' + value: '{{ .Values.imageRegistry }}/multicluster-engine/hypershift-cli-rhel9@sha256:f68997b97948891fab2ce7f60c2b9657da147491f8c5bb0e804aab7b0d57c854' - name: OPERAND_IMAGE_HYPERSHIFT_OPERATOR - value: '{{ .Values.imageRegistry 
}}/multicluster-engine/hypershift-rhel9-operator@sha256:23fb3c2671cd382f75288c928ea391fafecda9bffd9442b0d63635e61421075b' + value: '{{ .Values.imageRegistry }}/multicluster-engine/hypershift-rhel9-operator@sha256:161292cbf4b81c928e6dc9162dc63b02b21c93bfa92b3272f437dc4ff5a02c3a' - name: OPERAND_IMAGE_IMAGE_BASED_INSTALL_OPERATOR - value: '{{ .Values.imageRegistry }}/multicluster-engine/image-based-install-rhel9@sha256:3baea6a1e65f687fa2a0c6b01d2376a20eb2f572b2abfcb516c41f6752fe4be7' + value: '{{ .Values.imageRegistry }}/multicluster-engine/image-based-install-rhel9@sha256:1b145d921805c94dcd9da4387944039c4ea1af782969d35b42f27c30198b8fbe' - name: OPERAND_IMAGE_KUBE_RBAC_PROXY_MCE - value: '{{ .Values.imageRegistry }}/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:865c85fbe1f582605923333f8fef963cd78d1e409a52f3d372623eb5546f08cf' + value: '{{ .Values.imageRegistry }}/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:b1ada80f881131283a94d84cb37edc4b9725ccea9b66ebf8ccd6956cb515531a' - name: OPERAND_IMAGE_MANAGEDCLUSTER_IMPORT_CONTROLLER - value: '{{ .Values.imageRegistry }}/multicluster-engine/managedcluster-import-controller-rhel9@sha256:229eeb1e86f4e8b5833ba08e9044356addc989c3612db6e0bcc4ad4784eab4f1' + value: '{{ .Values.imageRegistry }}/multicluster-engine/managedcluster-import-controller-rhel9@sha256:09a2f864c76373c9c6af4e8f7c2ffe4dffecc2637cf1647b7d2926419265e3f4' - name: OPERAND_IMAGE_MANAGED_SERVICEACCOUNT - value: '{{ .Values.imageRegistry }}/multicluster-engine/managed-serviceaccount-rhel9@sha256:0cfff5011533e0e1c28621f129a8fc600dd974bbf17aeca59da855887aee6427' + value: '{{ .Values.imageRegistry }}/multicluster-engine/managed-serviceaccount-rhel9@sha256:bc6ddc984411179e3882afbdb66664cec7cfd7cc65077e4866748939622f6687' - name: OPERAND_IMAGE_MULTICLOUD_MANAGER - value: '{{ .Values.imageRegistry }}/multicluster-engine/multicloud-manager-rhel9@sha256:d00b99b2e6041bcc4fd82ae8230348cb59b8daf4abffa4d0309ecab355f486c1' + value: '{{ .Values.imageRegistry 
}}/multicluster-engine/multicloud-manager-rhel9@sha256:a0873734a8e0d0b5092820d7ded0436c30fd572abdabb01159b53f0bb2e9d4a3' - name: OPERAND_IMAGE_OPENSHIFT_HIVE - value: '{{ .Values.imageRegistry }}/multicluster-engine/hive-rhel9@sha256:168a1f36bef09a89975721c7c182f3ac53334bd94cbe79d044d303f42abc7206' + value: '{{ .Values.imageRegistry }}/multicluster-engine/hive-rhel9@sha256:504c80f8391fe6c5953ff058ef61db0d87880d24605ff872a2112d7003ede848' - name: OPERAND_IMAGE_PROVIDER_CREDENTIAL_CONTROLLER - value: '{{ .Values.imageRegistry }}/multicluster-engine/provider-credential-controller-rhel9@sha256:8ef1a479d6324277cf3dafc3d8f43fe24e138c76a46203b48a04482f1967fb49' + value: '{{ .Values.imageRegistry }}/multicluster-engine/provider-credential-controller-rhel9@sha256:1df5c14a22fffdcf04cc82e26fdd153f26f85dd78bc237f5a8f4379f142ccb22' - name: OPERAND_IMAGE_PLACEMENT - value: '{{ .Values.imageRegistry }}/multicluster-engine/placement-rhel9@sha256:2e683cd960cc469b215255ae5c65fd0185ef4cc708a98e0be0c1417ad6ee8ea7' + value: '{{ .Values.imageRegistry }}/multicluster-engine/placement-rhel9@sha256:737cf1d7dcdf8c32d96894eebd686caf35959232f3fd774b307cf1df8068d26c' - name: OPERAND_IMAGE_REGISTRATION - value: '{{ .Values.imageRegistry }}/multicluster-engine/registration-rhel9@sha256:b101420ec76edb714c364fddfee7ff90a1f13212904688d740d4fc70c0a7175d' + value: '{{ .Values.imageRegistry }}/multicluster-engine/registration-rhel9@sha256:26ef4145f464f1c5cdb6ab42c119766669f7f08e46cbd4185bdbd3f4cd70bb54' - name: OPERAND_IMAGE_REGISTRATION_OPERATOR - value: '{{ .Values.imageRegistry }}/multicluster-engine/registration-operator-rhel9@sha256:6dcc104b4402010ccb0b27ced1bd0606c49effb27db59f47241b1b72030070ab' + value: '{{ .Values.imageRegistry }}/multicluster-engine/registration-operator-rhel9@sha256:8a37700e9848830dca9a3eebd4c8ca6abd7b04dc28ab5cefd743d00dd58be92a' - name: OPERAND_IMAGE_WORK - value: '{{ .Values.imageRegistry 
}}/multicluster-engine/work-rhel9@sha256:482c09e19316ee3b90abc0c9531609ec2e962d93154d9892aa219ed98b3e15d7' + value: '{{ .Values.imageRegistry }}/multicluster-engine/work-rhel9@sha256:1fecd5872ad4a0ce5ddab8a156a54315fc51508a4a18a80d901af7f9af294ec6' - name: OPERAND_IMAGE_BACKPLANE_OPERATOR - value: '{{ .Values.imageRegistry }}/multicluster-engine/backplane-rhel9-operator@sha256:3f3ec83d4c8b8f4c877da96b2254fb1f871633ebb6853f29f225189094badd36' + value: '{{ .Values.imageRegistry }}/multicluster-engine/backplane-rhel9-operator@sha256:8c2f526398df56f92bfc62af8e42c3e373c236ab67e58e877cf9690fc480d46a' - name: OPERAND_IMAGE_POSTGRESQL_12 value: '{{ .Values.imageRegistry }}/rhel8/postgresql-12@sha256:82d171ab0ce78a0157408662155b53d4f637947a303bfecb684f6132f5f468be' - name: OPERATOR_VERSION value: 2.7.0 - name: OPERATOR_PACKAGE value: multicluster-engine - image: '{{ .Values.imageRegistry }}/multicluster-engine/backplane-rhel9-operator@sha256:3f3ec83d4c8b8f4c877da96b2254fb1f871633ebb6853f29f225189094badd36' + image: '{{ .Values.imageRegistry }}/multicluster-engine/backplane-rhel9-operator@sha256:8c2f526398df56f92bfc62af8e42c3e373c236ab67e58e877cf9690fc480d46a' livenessProbe: httpGet: path: /healthz diff --git a/dev-infrastructure/Makefile b/dev-infrastructure/Makefile index 4348e92ce..b21c95600 100644 --- a/dev-infrastructure/Makefile +++ b/dev-infrastructure/Makefile @@ -102,6 +102,7 @@ imagesync.rg: az group create \ --name $(IMAGE_SYNC_RESOURCEGROUP) \ --location $(REGION) \ + --tags persist=$(PERSIST) \ --output none; \ fi .PHONY: imagesyncRg diff --git a/dev-infrastructure/templates/image-sync.bicep b/dev-infrastructure/templates/image-sync.bicep index d540d0ad1..8d8408372 100644 --- a/dev-infrastructure/templates/image-sync.bicep +++ b/dev-infrastructure/templates/image-sync.bicep 
@@ -223,11 +223,9 @@ resource componentSyncJob 'Microsoft.App/jobs@2024-03-01' = { } } -// oc-mirror job +// oc-mirror jobs -var ocMirrorJobName = 'oc-mirror' - -var ocMirrorConfig = { +var ocpMirrorConfig = { kind: 'ImageSetConfiguration' apiVersion: 'mirror.openshift.io/v1alpha2' storageConfig: { @@ -251,10 +249,6 @@ var ocMirrorConfig = { graph: true } additionalImages: [ - { name: 'registry.redhat.io/redhat/redhat-operator-index:v4.16' } - { name: 'registry.redhat.io/redhat/certified-operator-index:v4.16' } - { name: 'registry.redhat.io/redhat/community-operator-index:v4.16' } - { name: 'registry.redhat.io/redhat/redhat-marketplace-index:v4.16' } { name: 'registry.redhat.io/redhat/redhat-operator-index:v4.17' } { name: 'registry.redhat.io/redhat/certified-operator-index:v4.17' } { name: 'registry.redhat.io/redhat/community-operator-index:v4.17' } 
@@ -263,98 +257,149 @@ var ocMirrorConfig = { } } -resource ocMirrorJob 'Microsoft.App/jobs@2024-03-01' = { - name: ocMirrorJobName - location: location - identity: { - type: 'UserAssigned' - userAssignedIdentities: { - '${uami.id}': {} - } +var acmMirrorConfig = { + kind: 'ImageSetConfiguration' + apiVersion: 'mirror.openshift.io/v2alpha1' + mirror: { + operators: [ + { + catalog: 'registry.redhat.io/redhat/redhat-operator-index:v4.17' + packages: [ + { + name: 'multicluster-engine' + bundles: [ + { + name: 'multicluster-engine.v2.7.0' + } + ] + } + { + name: 'advanced-cluster-management' + bundles: [ + { + name: 'advanced-cluster-management.v2.12.0' + } + ] + } + ] + } + ] } +} - properties: { - environmentId: containerAppEnvironment.id - configuration: { - eventTriggerConfig: {} - triggerType: 'Schedule' - manualTriggerConfig: { - parallelism: 1 - } - scheduleTriggerConfig: { - cronExpression: '0 * * * *' - parallelism: 1 +var ocMirrorJobConfiguration = [ + { + name: 'oc-mirror' + cron: '0 * * * *' + timeout: 4 * 60 * 60 + targetRegistry: ocpAcrName + imageSetConfig: ocpMirrorConfig + } + { + name: 'acm-mirror' + cron: '0 10 * * *' + timeout: 4 * 60 * 60 + targetRegistry: svcAcrName + imageSetConfig: acmMirrorConfig + } +] + +resource ocMirrorJobs 'Microsoft.App/jobs@2024-03-01' = [ + for i in range(0, length(ocMirrorJobConfiguration)): { + name: ocMirrorJobConfiguration[i].name + location: location + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${uami.id}': {} } - replicaTimeout: 4 * 60 * 60 - registries: [ - { - identity: uami.id - server: '${svcAcrName}${environment().suffixes.acrLoginServer}' + } + properties: { + environmentId: containerAppEnvironment.id + configuration: { + eventTriggerConfig: {} + triggerType: 'Schedule' + manualTriggerConfig: { + parallelism: 1 } - ] - secrets: [ - { - name: 'pull-secrets' - keyVaultUrl: 'https://${keyVaultName}${environment().suffixes.keyvaultDns}/secrets/${ocpPullSecretName}' - identity: uami.id + 
scheduleTriggerConfig: { + cronExpression: ocMirrorJobConfiguration[i].cron + parallelism: 1 } - ] - } - template: { - containers: [ - { - name: ocMirrorJobName - image: ocMirrorImage - volumeMounts: [ - { volumeName: 'pull-secrets-updated', mountPath: '/etc/containers' } - ] - env: [ - { name: 'IMAGE_SET_CONFIG', value: base64(string(ocMirrorConfig)) } - { name: 'REGISTRY', value: ocpAcrName } - { name: 'REGISTRY_URL', value: '${ocpAcrName}${environment().suffixes.acrLoginServer}' } - { name: 'XDG_RUNTIME_DIR', value: '/etc' } - { name: 'AZURE_CLIENT_ID', value: uami.properties.clientId } - { - name: 'APPSETTING_WEBSITE_SITE_NAME' - value: 'workaround - https://github.com/microsoft/azure-container-apps/issues/502' + replicaTimeout: ocMirrorJobConfiguration[i].timeout + registries: [ + { + identity: uami.id + server: '${svcAcrName}${environment().suffixes.acrLoginServer}' + } + ] + secrets: [ + { + name: 'pull-secrets' + keyVaultUrl: 'https://${keyVaultName}${environment().suffixes.keyvaultDns}/secrets/${ocpPullSecretName}' + identity: uami.id + } + ] + } + template: { + containers: [ + { + name: 'oc-mirror' + image: ocMirrorImage + volumeMounts: [ + { volumeName: 'pull-secrets-updated', mountPath: '/etc/containers' } + ] + env: [ + { name: 'IMAGE_SET_CONFIG', value: base64(string(ocMirrorJobConfiguration[i].imageSetConfig)) } + { name: 'REGISTRY', value: ocMirrorJobConfiguration[i].targetRegistry } + { + name: 'REGISTRY_URL' + value: '${ocMirrorJobConfiguration[i].targetRegistry}${environment().suffixes.acrLoginServer}' + } + { name: 'XDG_RUNTIME_DIR', value: '/etc' } + { name: 'AZURE_CLIENT_ID', value: uami.properties.clientId } + { + name: 'APPSETTING_WEBSITE_SITE_NAME' + value: 'workaround - https://github.com/microsoft/azure-container-apps/issues/502' + } + ] + resources: { + cpu: 2 + memory: '4Gi' } - ] - resources: { - cpu: 2 - memory: '4Gi' } - } - ] - initContainers: [ - { - name: 'decodesecrets' - image: 'mcr.microsoft.com/azure-cli:cbl-mariner2.0' - 
command: [ - '/bin/sh' - ] - args: [ - '-c' - 'cat /tmp/secret-orig/pull-secrets | base64 -d > /etc/containers/auth.json' - ] - volumeMounts: [ - { volumeName: 'pull-secrets-updated', mountPath: '/etc/containers' } - { volumeName: 'pull-secrets', mountPath: '/tmp/secret-orig' } - ] - } - ] - volumes: [ - { - name: 'pull-secrets-updated' - storageType: 'EmptyDir' - } - { - name: 'pull-secrets' - storageType: 'Secret' - secrets: [ - { secretRef: 'pull-secrets' } - ] - } - ] + ] + initContainers: [ + { + name: 'decodesecrets' + image: 'mcr.microsoft.com/azure-cli:cbl-mariner2.0' + command: [ + '/bin/sh' + ] + args: [ + '-c' + 'cat /tmp/secret-orig/pull-secrets | base64 -d > /etc/containers/auth.json' + ] + volumeMounts: [ + { volumeName: 'pull-secrets-updated', mountPath: '/etc/containers' } + { volumeName: 'pull-secrets', mountPath: '/tmp/secret-orig' } + ] + } + ] + volumes: [ + { + name: 'pull-secrets-updated' + storageType: 'EmptyDir' + } + { + name: 'pull-secrets' + storageType: 'Secret' + secrets: [ + { secretRef: 'pull-secrets' } + ] + } + ] + } } } -} +] diff --git a/image-sync/oc-mirror/Dockerfile b/image-sync/oc-mirror/Dockerfile index 2fdd71094..8c83de445 100644 --- a/image-sync/oc-mirror/Dockerfile +++ b/image-sync/oc-mirror/Dockerfile @@ -43,4 +43,4 @@ COPY --chown=0:0 --chmod=755 --from=downloader \ /usr/local/bin/yq \ /usr/local/bin/ - ENTRYPOINT ["/usr/local/bin/mirror.sh"] +ENTRYPOINT ["/usr/local/bin/mirror.sh"] diff --git a/image-sync/oc-mirror/Makefile b/image-sync/oc-mirror/Makefile index 598f5af54..9607345df 100644 --- a/image-sync/oc-mirror/Makefile +++ b/image-sync/oc-mirror/Makefile 
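Review bot: The `acm-mirror` entry sets `targetRegistry: svcAcrName`, so this job pushes mirrored operator content into the same registry that `registries[].server` uses to pull `ocMirrorImage`, and both jobs run under the single identity `uami`. The role assignments are outside this hunk, but if `uami` can push to the whole service ACR, a faulty mirror run could overwrite service images there, including the job's own. Consider a separate identity for the ACM job or a narrower push scope, and document the expectation above `ocMirrorJobConfiguration`, e.g. `// acm-mirror writes to the service ACR; keep the job identity's push rights limited to mirrored content`. Separately, `acmMirrorConfig` uses `mirror.openshift.io/v2alpha1` while `ocpMirrorConfig` uses `v1alpha2` and both run the same `ocMirrorImage`; the entrypoint script is not visible here, so it is worth confirming it handles both config versions.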
@@ -4,15 +4,44 @@ $(shell ../../templatize.sh $(DEPLOY_ENV) config.tmpl.mk config.mk) include config.mk COMMIT = $(shell git rev-parse --short=7 HEAD)$(shell [[ $$(git status --porcelain) = "" ]]) +ifeq ($(shell uname), Darwin) + AUTH_FILE = ${HOME}/.config/containers/auth.json +else + AUTH_FILE = ${HOME}/.docker/config.json +endif + build-push: image push +.PHONY: build-push image: docker build --platform="linux/amd64" -f "./Dockerfile" -t ${OC_MIRROR_IMAGE_TAGGED} . +.PHONY: image push: image az acr login --name ${ARO_HCP_IMAGE_ACR} docker tag ${OC_MIRROR_IMAGE_TAGGED} ${OC_MIRROR_IMAGE}:latest docker push ${OC_MIRROR_IMAGE_TAGGED} docker push ${OC_MIRROR_IMAGE}:latest +.PHONY: push + +acm-dry-run: image + @docker run -it --rm --tmpfs /oc-mirror-workspace \ + -e XDG_RUNTIME_DIR=/ \ + -v ${AUTH_FILE}:/containers/auth.json:z \ + -v ${HOME}/.azure:/root/.azure:z \ + -e IMAGE_SET_CONFIG=$(shell cat ${PWD}/test/acm-image-set-config.yml | base64) \ + -e REGISTRY=${ARO_HCP_IMAGE_ACR} \ + -e REGISTRY_URL=${ARO_HCP_IMAGE_ACR_URL} \ + ${OC_MIRROR_IMAGE_TAGGED} --dry-run +.PHONY: acm-dry-run -.PHONY: image push build-push +ocp-dry-run: image + @docker run -it --rm --tmpfs /oc-mirror-workspace \ + -e XDG_RUNTIME_DIR=/ \ + -v ${AUTH_FILE}:/containers/auth.json:z \ + -v ${HOME}/.azure:/root/.azure:z \ + -e IMAGE_SET_CONFIG=$(shell cat ${PWD}/test/acm-image-set-config.yml | base64) \ + -e REGISTRY=${ARO_HCP_OCP_IMAGE_ACR} \ + -e REGISTRY_URL=${ARO_HCP_OCP_IMAGE_ACR_URL} \ + ${OC_MIRROR_IMAGE_TAGGED} --dry-run +.PHONY: ocp-dry-run diff --git a/image-sync/oc-mirror/README.md b/image-sync/oc-mirror/README.md index 74a4c796b..67dc9e666 100644 --- a/image-sync/oc-mirror/README.md +++ b/image-sync/oc-mirror/README.md 
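Review bot: The new `ocp-dry-run` recipe encodes `test/acm-image-set-config.yml`, the same file `acm-dry-run` uses, so the OCP target never exercises the OCP image set added in this commit. The line should read `-e IMAGE_SET_CONFIG=$(shell cat ${PWD}/test/ocp-image-set-config.yml | base64 | tr -d '\n') \`. The `tr` is worth adding to both targets: GNU `base64` wraps its output, and `$(shell ...)` turns those newlines into spaces, which would split the unquoted value into several `docker run` arguments. Both recipes also bind-mount `${HOME}/.azure` and `${AUTH_FILE}` without `ro`, so the container can modify the developer's Azure CLI state and registry credentials on the host. A comment above the targets such as `# NOTE: the container rewrites the mounted auth file; the change persists on the host` would make that visible.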
@@ -1,42 +1,40 @@ # oc-mirror -This container contains oc-mirror end required dependencies. - -## Example usage for devarohcp - - * Build the container image `podman build -t oc-mirror .` - * Alternatively, use `make image` - * Get credentials for Openshift registries https://console.redhat.com/openshift/install/pull-secret - * Get Azure registry credentials `az acr login -n devarohcp` - * Run the sync using the built container -```BASH -podman run -it --rm --tmpfs /oc-mirror-workspace \ - -e XDG_RUNTIME_DIR=/ \ - -v $PWD/imageset-config.yml:/imageset-config.yml:Z \ - -v $HOME/.docker/config.json:/containers/auth.json:Z \ - oc-mirror \ - oc mirror --config=/imageset-config.yml docker://devarohcp.azurecr.io --dry-run +This tool packages oc-mirror and all dependencies to mirror OCP artifacts and operators to an ACR. + +## Build and push + +To build a container image and push it to the service ACR, run + +```bash +make build-push ``` -Note, the above command will run the sync in dry-run mode. To run the sync, remove the `--dry-run` flag. +## Production deployment -## Example configuration +oc-mirror and the required configurations are deployed as Azure Container App +via the `dev-infrastructure/templates/image-sync.bicep` template. -The following is an example of the configuration file `imageset-config.yml`. +## Local dry-run -This exact configuration was used in the initial testing of the `oc-mirror` tool. +To run oc-mirror locally, you need to have an active Azure CLI session. -```YAML -kind: ImageSetConfiguration -apiVersion: mirror.openshift.io/v1alpha2 -storageConfig: - registry: - imageURL: devarohcp.azurecr.io/mirror/oc-mirror-metadata - skipTLS: false -mirror: - platform: - channels: - - name: stable-4.16 - type: ocp - graph: true +### OCP mirror + +To dry-run the OCP mirror, run + +```bash +make ocp-dry-run ``` + +The test mirror-configuration can be found in the `test` directory. 
+ +### ACM/MCE mirror + +To dry-run the ACM/MCE operator mirror, run + +```bash +make acm-dry-run +``` + +The test mirror-configuration can be found in the `test` directory. diff --git a/image-sync/oc-mirror/config.tmpl.mk b/image-sync/oc-mirror/config.tmpl.mk index 1cbf251e0..7525158d2 100644 --- a/image-sync/oc-mirror/config.tmpl.mk +++ b/image-sync/oc-mirror/config.tmpl.mk @@ -1,4 +1,7 @@ ARO_HCP_IMAGE_ACR ?= {{ .svcAcrName }} -ARO_HCP_FULL ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io -OC_MIRROR_IMAGE ?= $(ARO_HCP_FULL)/{{ .ocMirrorImageRepo }} +ARO_HCP_IMAGE_ACR_URL ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io +OC_MIRROR_IMAGE ?= $(ARO_HCP_IMAGE_ACR_URL)/{{ .ocMirrorImageRepo }} OC_MIRROR_IMAGE_TAGGED ?= $(OC_MIRROR_IMAGE):$(COMMIT) + +ARO_HCP_OCP_IMAGE_ACR ?= {{ .ocpAcrName }} +ARO_HCP_OCP_IMAGE_ACR_URL ?= ${ARO_HCP_OCP_IMAGE_ACR}.azurecr.io diff --git a/image-sync/oc-mirror/docker-login.sh b/image-sync/oc-mirror/docker-login.sh index 7526c7d2e..b87ba5f9c 100755 --- a/image-sync/oc-mirror/docker-login.sh +++ b/image-sync/oc-mirror/docker-login.sh @@ -7,4 +7,4 @@ PLAIN_CREDS="$USERNAME:$PASSWORD" AUTH=$(echo -n $PLAIN_CREDS | base64) jq --arg registry "$REGISTRY_URL" --arg auth "$AUTH" '.auths[$registry] = { "auth": $auth }' ${XDG_RUNTIME_DIR}/containers/auth.json > ${XDG_RUNTIME_DIR}/containers/tmp-auth.json -mv ${XDG_RUNTIME_DIR}/containers/tmp-auth.json ${XDG_RUNTIME_DIR}/containers/auth.json +cp ${XDG_RUNTIME_DIR}/containers/tmp-auth.json ${XDG_RUNTIME_DIR}/containers/auth.json diff --git a/image-sync/oc-mirror/mirror.sh b/image-sync/oc-mirror/mirror.sh index 18e71bd9d..7a96cfc96 100755 --- a/image-sync/oc-mirror/mirror.sh +++ b/image-sync/oc-mirror/mirror.sh 
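Review bot: The switch to `cp` on the last line of the docker-login.sh hunk leaves `tmp-auth.json`, which holds the registry credential, on disk next to `auth.json`. As far as this hunk shows, the copy also runs when the `jq` before it failed and wrote an empty file. Joining the `jq` line to the copy with `&&` and ending with `cp ${XDG_RUNTIME_DIR}/containers/tmp-auth.json ${XDG_RUNTIME_DIR}/containers/auth.json && rm -f ${XDG_RUNTIME_DIR}/containers/tmp-auth.json` would keep a failed `jq` from overwriting `auth.json` and remove the temporary copy. This matters most when `auth.json` is a bind-mounted host file, as the dry-run targets in this commit's Makefile appear to set up, because the overwrite then lands in the developer's own credential file. The script starts outside this hunk, so a `set -e` earlier in the file may already cover the failure case.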
@@ -1,5 +1,15 @@
 #!/bin/sh
 az login --identity -u ${AZURE_CLIENT_ID}
-echo ${IMAGE_SET_CONFIG} | base64 -d | yq eval -P > /config/imageset-config.yaml
 DOCKER_COMMAND=/usr/local/bin/docker-login.sh az acr login -n ${REGISTRY}
-/usr/local/bin/oc-mirror --continue-on-error --config /config/imageset-config.yaml docker://${REGISTRY_URL} @$
+
+IMAGE_SET_CONFIG_FILE="/config/imageset-config.yaml"
+echo ${IMAGE_SET_CONFIG} | base64 -d | yq eval -P > ${IMAGE_SET_CONFIG_FILE}
+API_VERSION=$(yq eval '.apiVersion' ${IMAGE_SET_CONFIG_FILE})
+
+if echo "$API_VERSION" | grep -q "^mirror.openshift.io/v2"; then
+ ADDITIONAL_FLAGS="--workspace file:///oc-mirror-workspace --v2"
+else
+ ADDITIONAL_FLAGS="--continue-on-error"
+fi
+
+/usr/local/bin/oc-mirror --config ${IMAGE_SET_CONFIG_FILE} ${ADDITIONAL_FLAGS} docker://${REGISTRY_URL} @$
diff --git a/image-sync/oc-mirror/test/acm-image-set-config.yml b/image-sync/oc-mirror/test/acm-image-set-config.yml
new file mode 100644
index 000000000..76d0c2426
--- /dev/null
+++ b/image-sync/oc-mirror/test/acm-image-set-config.yml
@@ -0,0 +1,12 @@
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v2alpha1
+mirror:
+ operators:
+ - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.17
+ packages:
+ - name: multicluster-engine
+ bundles:
+ - name: multicluster-engine.v2.7.0
+ - name: advanced-cluster-management
+ bundles:
+ - name: advanced-cluster-management.v2.12.0
diff --git a/image-sync/oc-mirror/test/ocp-image-set-config.yml b/image-sync/oc-mirror/test/ocp-image-set-config.yml
new file mode 100644
index 000000000..e711ce74c
--- /dev/null
+++ b/image-sync/oc-mirror/test/ocp-image-set-config.yml
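Review bot: The rewritten oc-mirror invocation on the last line of the mirror.sh hunk still ends in `@$`, which the shell passes through as a literal string rather than the script's arguments, so flags given to the container are not forwarded. The dry-run targets added to the Makefile in this commit pass `--dry-run` as the container argument, so those targets would presumably start a real mirror run against the registry instead of a dry run. The line should end in `"$@"`, for example `/usr/local/bin/oc-mirror --config "${IMAGE_SET_CONFIG_FILE}" ${ADDITIONAL_FLAGS} "docker://${REGISTRY_URL}" "$@"`. A short comment above it, `# forward container arguments (e.g. --dry-run) to oc-mirror`, would record why the trailing expansion is there.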
@@ -0,0 +1,22 @@
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v1alpha2
+storageConfig:
+ registry:
+ imageURL: arohcpocpdev.azurecr.io/mirror/oc-mirror-metadata
+ skipTLS: false
+mirror:
+ platform:
+ architectures:
+ - multi
+ - amd64
+ channels:
+ - name: stable-4.17
+ minVersion: 4.17.0
+ maxVersion: 4.17.0
+ type: ocp
+ graph: true
+ additionalImages:
+ - name: registry.redhat.io/redhat/redhat-operator-index:v4.17
+ - name: registry.redhat.io/redhat/certified-operator-index:v4.17
+ - name: registry.redhat.io/redhat/community-operator-index:v4.17
+ - name: registry.redhat.io/redhat/redhat-marketplace-index:v4.17