kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v2alpha1
mirror:
  platform:
    graph: true
    channels:
      - name: stable-4.19
        type: ocp
  operators:
    - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.19
      packages:
        - name: lvms-operator
        - name: advanced-cluster-management
          channels:
            - name: release-2.14
        - name: openshift-external-secrets-operator
          channels:
            - name: stable-v1
        - name: multicluster-engine
          channels:
            - name: stable-2.9
        - name: openshift-gitops-operator
          channels:
            - name: gitops-1.19
    - catalog: registry.redhat.io/redhat/community-operator-index:v4.19
      packages:
        - name: patterns-operator
  additionalImages:
    - name: registry.redhat.io/ubi9/ubi-minimal:latest
    - name: registry.connect.redhat.com/hashicorp/vault:1.20.2-ubi
    - name: registry.access.redhat.com/ubi8/httpd-24:10.0-1755779646
    - name: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi
    # Validated Patterns Helm charts
    - name: quay.io/validatedpatterns/acm:0.1.17
    - name: quay.io/validatedpatterns/clustergroup:0.9.41
    - name: quay.io/validatedpatterns/gitea:0.0.3
    - name: quay.io/validatedpatterns/golang-external-secrets:0.1.5
    - name: quay.io/validatedpatterns/openshift-external-secrets:0.0.3
    - name: quay.io/validatedpatterns/hashicorp-vault:0.1.6
    - name: quay.io/validatedpatterns/utility-container:latest
    - name: quay.io/validatedpatterns/imperative-container:v1
    - name: quay.io/validatedpatterns/pattern-install:0.0.11
    - name: docker.io/gitea/gitea:1.22.6-rootless

Deploy a validated pattern in a disconnected network
A disconnected network is an infrastructure isolated from external internet access. Deploying Validated Patterns in this environment requires mirroring container images, configuring internal registries, and adjusting pattern configuration files.
This guide describes deploying the Multicloud GitOps pattern on OpenShift Container Platform 4.19 in a disconnected network. The same approach applies to other validated patterns, although the required images and Operators vary by pattern.
One or more OpenShift Container Platform clusters deployed in a disconnected network.
An OCI-compliant registry accessible from the disconnected network, referred to as registry.internal.disconnected.net in this guide.
A Git repository accessible from the disconnected network.
(Optional) A virtual machine (VM) in the disconnected network to run commands.
Deploying OpenShift Container Platform in a disconnected network is outside the scope of this guide. For details, see the OpenShift Container Platform disconnected environments documentation.
1. Mirror required container images to an internal registry
Mirror all required container images to the internal registry. The specific images you mirror depend on the pattern, the OpenShift Container Platform version, and the required Operators. The example here mirrors images for the Multicloud GitOps pattern.
Create an imageset-config.yaml file that lists the required platform images, Operators, and additional images (the ImageSetConfiguration listing at the top of this page).
Run the mirror command and specify a local cache directory and the target registry:

    oc mirror --config=/var/cache/oc-mirror/imageset-config.yaml \
        --workspace file:///var/cache/oc-mirror/workspace \
        docker://registry.internal.disconnected.net --v2

The example uses the --v2 flag to mirror images.
When mirroring completes, oc mirror generates resource files in the /var/cache/oc-mirror/workspace/working-dir/cluster-resources directory.
Apply the generated resource files to the cluster so that the cluster can resolve images from the internal registry:

    cd /var/cache/oc-mirror/workspace/working-dir/cluster-resources
    oc apply -f cs-community-operator-index-v4-19.yaml \
        -f cs-redhat-operator-index-v4-19.yaml \
        -f idms-oc-mirror.yaml \
        -f itms-oc-mirror.yaml

The catalog source names generated by the oc mirror command, such as cs-redhat-operator-index-v4-19, are required to configure the pattern values files. Do not change these names.
2. Configure the pattern for disconnected use
Update the pattern values files to reference the mirrored catalog sources and the internal Helm chart registry.
Verify that the origin remote for the local Git clone points to the disconnected Git server by running the git remote -v command.
In the values-global.yaml file, point the Helm chart repository to the internal registry and configure operator sources:

    main:
      multiSourceConfig:
        enabled: true
        clusterGroupChartVersion: "0.9.*"
        helmRepoUrl: registry.internal.disconnected.net/validatedpatterns
      patternsOperator:
        source: cs-community-operator-index-v4-19
      gitops:
        operatorSource: cs-redhat-operator-index-v4-19

The catalog source names must match the generated catalog sources from the oc mirror command.
In the values-hub.yaml file, configure operator sources for hub-specific components:

    acm:
      mce_operator:
        source: cs-redhat-operator-index-v4-19
    clusterGroup:
      subscriptions:
        acm:
          name: advanced-cluster-management
          namespace: open-cluster-management
          channel: release-2.14
          source: cs-redhat-operator-index-v4-19

Commit and push these changes to the disconnected Git server.
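One way to run the name check from step 2 before committing, as an added example that is not part of the original guide: it compares the source and operatorSource values in the values files with the cs-*.yaml manifests that oc mirror generated. The function names and sample files are constructed for illustration, and the check assumes each manifest file name equals its catalog source name.

```shell
#!/bin/sh
# Added example (not from the guide): every catalog source named in the values
# files must have a CatalogSource manifest generated by oc mirror.

# Assumption: manifest file name == catalog source name, as in the guide.
generated_sources() {
    for f in "$1"/cs-*.yaml; do
        [ -e "$f" ] || continue
        basename "$f" .yaml
    done | sort -u
}

# Values of "source:" / "operatorSource:" keys. Line-based, not a YAML parser.
referenced_sources() {
    sed -n -E "s/^[[:space:]]*(source|operatorSource):[[:space:]]*[\"']?([^[:space:]\"'#]+).*/\2/p" "$@" | sort -u
}

# Print each referenced name with no generated manifest; status 1 if any.
missing_sources() {
    dir=$1; shift
    gen=$(generated_sources "$dir")
    rc=0
    for name in $(referenced_sources "$@"); do
        printf '%s\n' "$gen" | grep -qxF -e "$name" && continue
        echo "$name"; rc=1
    done
    return $rc
}

# Constructed sample data so the check runs offline.
SAMPLE=$(mktemp -d)
mkdir "$SAMPLE/cluster-resources"
touch "$SAMPLE/cluster-resources/cs-redhat-operator-index-v4-19.yaml" \
      "$SAMPLE/cluster-resources/cs-community-operator-index-v4-19.yaml" \
      "$SAMPLE/cluster-resources/idms-oc-mirror.yaml"
cat > "$SAMPLE/values-global.yaml" <<'EOF'
main:
  patternsOperator:
    source: cs-community-operator-index-v4-19
  gitops:
    operatorSource: cs-redhat-operator-index-v4-19
EOF
cat > "$SAMPLE/values-hub.yaml" <<'EOF'
clusterGroup:
  subscriptions:
    acm:
      source: redhat-operators   # constructed: default name left unchanged
EOF
missing_sources "$SAMPLE/cluster-resources" "$SAMPLE"/values-*.yaml || true
```

Against a real checkout, pass the cluster-resources directory and the pattern's values files in place of the sample paths; a non-zero status means a subscription still points at a catalog source that was not mirrored.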
3. Deploy the pattern
After mirroring images and configuring the pattern, deploy the pattern from a machine that has access to the disconnected cluster and the Git repository.
Point the installation program to the mirrored Helm chart registry and deploy the pattern:

    export PATTERN_DISCONNECTED_HOME=registry.internal.disconnected.net/validatedpatterns
    ./pattern.sh make install

The cluster converges to the specified state and the pattern installs.
Adapting this guide for other patterns
When deploying a different pattern in a disconnected network:
Identify all Operators required by the pattern and add them to the Operators list in the imageset-config.yaml file.
Identify all additional container images referenced by the pattern Helm charts and add them to the additionalImages list.
Update the values-global.yaml, values-hub.yaml, and site-specific values files to reference the correct catalog source names for operator subscriptions.
