chore(release-1.4): Cherry-pick the improvements to the airgap env preparation script #796

Open
wants to merge 3 commits into
base: release-1.4

rm3l
Member

@rm3l rm3l commented Feb 14, 2025

Description

Cherry-picks of the following PRs into release-1.4:

Which issue(s) does this PR fix or relate to

Relates to https://issues.redhat.com/browse/RHIDP-4415

PR acceptance criteria

  • Tests
  • Documentation

How to test changes / Special notes to the reviewer

See #705

/cc @nickboldt

rm3l and others added 3 commits February 13, 2025 18:14
…415] (redhat-developer#705)

* wip

* Allow to mirror extra-images

* Create IDMS on OCP and various fixes

* Fix issue when pushing to the internal OCP registry

Image names should follow this format: <project>/<name>

* Update prepare-restricted-environment.sh script instead (in a backward compatible manner)

* Default to installing the operator

* Improve usage docs

* Automatically detect and use the internal OCP registry unless --to-registry is set

* Make sure the operand images can be pulled when using the internal OCP registry

It works by adding the pull secrets to the namespace default service account. So it will only work when creating the CR in the operator namespace.
Otherwise, we are displaying the instructions for different namespaces

* Allow to use `oc-mirror` as tool for mirroring

This is useful if users want to explicitly use `oc-mirror` as their
tool of choice and they know they are already on OCP

TBD: this currently does not work with the internal OCP registry when autodetected by the script

* Fix an unbound variable issue

* Fix unbound variable issue

* Update docs

* Use a temporary registry auth file for `skopeo` and `podman`

Otherwise tools like 'skopeo login' will attempt to write to /run,
which might be restricted in CI environments.
This also ensures that the credentials don't conflict with
any existing creds for the same registry.

Co-authored-by: Zbynek Drapela <[email protected]>

* Revert "Use a temporary registry auth file for `skopeo` and `podman`"

This reverts commit c02beca.

* Reapply "Use a temporary registry auth file for `skopeo` and `podman`"

This reverts commit c6dc186.

* Use a temporary registry auth file for `skopeo` and `podman`

Otherwise tools like 'skopeo login' will attempt to write to /run,
which might be restricted in CI environments.

Since the user is required to be logged into the index image registry (and the target mirror registry eventually),
it also makes sure this auth information is not lost when switching to a temporary auth file.

* Disable redirects on the integrated OCP image registry

Otherwise, as depicted in [1], this might cause some 403 errors to be returned to Skopeo.

This fixes the behavior seen on the QE airgap bastion host.

[1] https://access.redhat.com/solutions/6022011

* Fix registry auth creds loading

oc-mirror v1 always loads the docker creds first [1].
But we want to use our own credentials file, which is not possible until oc-mirror v2 (currently tech preview).

[1] https://github.com/openshift/oc-mirror/blob/main/pkg/image/credentials.go

* Allow to filter all versions from the catalog

By specifying `--filter-versions '*'`

* Allow to override the path to the oc-mirror binary

This adds a new option: --oc-mirror-path

Might be useful when troubleshooting issues.

* Provide hint to log into the OCP cluster when neither --to-registry nor --to-dir are specified

* Fix issues with oc-mirror

Because of targetCatalog in the ImageSet,
the catalog image needs to exist in the target registry

* Fix unbound variable issue

* Append the default pull secrets in the catalog source manifest generated by oc-mirror

* Remove note about oc-mirror limitation

* Update docs

* [oc-mirror] Fix target catalog image path in the registry when using the integrated OCP registry

* Fix issues when mirroring with oc-mirror

---------

Co-authored-by: Zbynek Drapela <[email protected]>
…oper#751)

* Check sh scripts in CI

* Include registry auth creds for known registries by default in the airgap install script
…oper#779)

This introduces a new '--ci-index' option, which, when set to 'true',
will replace all references
to the internal Red Hat registries with quay.io when extracting and rebuilding the catalog.

openshift-ci bot commented Feb 14, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from rm3l. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
