oc-mirror
is an OpenShift Client (oc) plugin that manages OpenShift release, operator catalog, helm charts, and associated container images for mirror registries that support OpenShift environments.
Please join us for our oc-mirror weekly community meeting fortnightly on Thursdays at 12pm EST https://zoom.us/meeting/tJ0lcOiqpzMpE9OQ8gwJktuKL7ZWAr3Ofe4s/ics?icsToken=98tyKuChpjwrGN2dsxCARox5Go_Cd-rxmFxej_pyrUfiFApYdhbdGrV4BZNtQ_fW .
The mirror registry reg.mirror.com
is used in this example.
Replace this value with a real registry host, or create a docker.io/library/registry:2
container locally.\
DISCLAIMER:
oc-mirror
is not compatible with Quay below version 3.6.
Example configurations can be found in the docs here
- Download pull secret and place at
~/.docker/config.json
1.- Your mirror registry secret must have both push and pull scopes.
- Build:
make build
IMPORTANT: Backends must be configured to utilize the lifecycle management features of
oc-mirror
. Examples are below.
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
archiveSize: 1
storageConfig:
local:
path: /home/user/workspace
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
storageConfig:
registry:
imageURL: localhost:5000/metadata:latest
skipTLS: true
There is a common misconception that oc-mirror is only a container image mirroring utility. This is partially accurate. In addition to image mirroring, oc-mirror optionally performs content deletions from mirror registries. When content is added to an imageset configuration, that content is published to a mirror registry. When content is removed from an imageset configuration, that content is removed from the mirror registry. This ensures that content is safely removed from the mirror registry when the user specifies.
If a user does not desire content removal from a mirror registry, they can either not remove that content from their imageset configuration or they can publish using a registry account that does not have permissions to perform content deletions. If a user chooses to disallow pruning using an account without permission to perform deletions, the --continue-on-error
flag must be used in conjunction with the publishing operation to the mirror registry.
- List updates since the last
oc-mirror
run./bin/oc-mirror list updates imageset-config.yaml
- List all available release payloads for a version of OpenShift (defaults to stable)
./bin/oc-mirror list releases --version=4.9
- List all available channels to query for a version of OpenShift
./bin/oc-mirror list releases --channels --version=4.9
- List all available release payloads for a version of OpenShift in a specified channel
./bin/oc-mirror list releases --channel=fast-4.9
- List all available catalogs for a version of OpenShift
./bin/oc-mirror list operators --catalogs --version=4.9
- List all available packages in a catalog
./bin/oc-mirror list operators --catalog=catalog-name
- List all available channels in a package
./bin/oc-mirror list operators --catalog=catalog-name --package=package-name
- List all available versions in a channel
./bin/oc-mirror list operators --catalog=catalog-name --package=package-name --channel=channel-name
Note: These workflows are compatible and can be used interchangeably for the same mirror registry.
Note: oc-mirror metadata is always stored where specified by the user and in an expected location managed by oc-mirror (always "registry/namespace/oc-mirror:UUID). This allows a user to seamlessly switch between a fully-disconnected workflow and a partially disconnected workflow.
- Create then publish to your mirror registry:
./bin/oc-mirror --config imageset-config.yaml file://archives ./bin/oc-mirror --from /path/to/archives docker://reg.mirror.com
- Publish mirror to mirror
./bin/oc-mirror --config imageset-config.yaml docker://localhost:5000
- Get information on your imageset using
describe
./bin/oc-mirror describe /path/to/archives
- List updates since last run for releases and operators
./bin/oc-mirror list updates --config imageset-config.yaml
For configuration and options, see the expanded overview and usage docs.
1 For this example, the create
and publish
steps are run on the same machine. Therefore your ~/.docker/config.json
or ${XDG_RUNTIME_DIR}/containers/auth.json
should contain auth config for both release/catalog source images and your mirror registry.
See the config spec for an in-depth description of fields.
Note: The imageset-config.yaml
is only used during bundle creation.
- All top-level requirements
go
version 1.17+
make
./bin/oc-mirror -h
Note: Using oc-mirror init
with local builds may result in unexpected release channel names.
Unit:
make test-unit
E2E:
make test-e2e