Pushing the odo init image to the restricted cluster registry

    • Install oc on the client operating system.

    • Install odo on the client operating system.

    • Access to a restricted cluster with a configured internal registry or a mirror registry.

    Depending on your operating system, you can push the odo init image to a cluster with a mirror registry as follows:

    Procedure

    1. Use base64 to encode the root certification authority (CA) content of your mirror registry:

    2. Copy the encoded root CA certificate to the appropriate location:

      1. $ sudo cp ./disconnect-ca.crt /etc/pki/ca-trust/source/anchors/<mirror-registry>.crt

    3. Trust a CA in your client platform and log into the OKD mirror registry:

      1. $ sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart / docker && docker login <mirror-registry>:5000 -u <username> -p <password>

    4. Mirror the odo init image:

      1. $ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>

    5. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

      1. $ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>

    Pushing the init image to a mirror registry on MacOS

    Procedure

    1. Use base64 to encode the root certification authority (CA) content of your mirror registry:

      1. $ echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt

    2. Copy the encoded root CA certificate to the appropriate location:

      1. Restart Docker using the Docker UI.

      2. Run the following command:

        1. $ docker login <mirror-registry>:5000 -u <username> -p <password>

    3. Mirror the odo init image:

      1. $ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>

    4. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

      1. $ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>

    1. Use base64 to encode the root certification authority (CA) content of your mirror registry:

      1. PS C:\> echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt

    2. As an administrator, copy the encoded root CA certificate to the appropriate location by executing the following command:

      1. PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" disconnect-ca.crt

    3. Trust a CA in your client platform and log into the OKD mirror registry:

      1. Restart Docker using the Docker UI.

      2. Run the following command:

        1. PS C:\WINDOWS\system32> docker login <mirror-registry>:5000 -u <username> -p <password>

    4. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

      1. PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>"

    If your cluster allows images to be pushed to the internal registry directly, push the odo init image to the registry as follows:

    Pushing the init image directly on Linux

    Procedure

    1. Enable the default route:

    2. Get a wildcard route CA:

      1. $ oc get secret router-certs-default -n openshift-ingress -o yaml

      Example output

      1. apiVersion: v1
      2. data:
      3.   tls.crt: **************************
      4.   tls.key: ##################
      5. kind: Secret
      6. metadata:
      7.   [...]
      8. type: kubernetes.io/tls

    3. Use base64 to encode the root certification authority (CA) content of your mirror registry:

      1. $ echo <tls.crt> | base64 --decode > ca.crt

    4. Trust a CA in your client platform:

      1. $ sudo cp ca.crt  /etc/pki/ca-trust/source/anchors/externalroute.crt && sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart docker

    5. Log into the internal registry:

      1. $ oc get route -n openshift-image-registry
      2. NAME       HOST/PORT    PATH   SERVICES     PORT  TERMINATION   WILDCARD
      3. default-route   <registry_path>          image-registry   <all>   reencrypt     None
      5. $ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)

    6. Push the odo init image:

      1. $ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
      3. $ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
      5. $ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>

    7. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

      1. $ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1

    1. Enable the default route:

      1. $ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry

    2. Get a wildcard route CA:

      1. $ oc get secret router-certs-default -n openshift-ingress -o yaml

      Example output

    3. Use base64 to encode the root certification authority (CA) content of your mirror registry:

      1. $ echo <tls.crt> | base64 --decode > ca.crt

    4. Trust a CA in your client platform:

      1. Log into the internal registry:

        1. $ oc get route -n openshift-image-registry
        3. default-route   <registry_path>          image-registry   <all>   reencrypt     None
        5. $ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)

      2. Push the odo init image:

        1. $ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
        3. $ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
        5. $ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>

      3. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

        1. $ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1

      Pushing the init image directly on Windows

      Procedure

      1. Enable the default route:

        1. PS C:\> oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry

      2. Get a wildcard route CA:

        1. PS C:\> oc get secret router-certs-default -n openshift-ingress -o yaml

        Example output

        1. apiVersion: v1
        2. data:
        3.   tls.crt: **************************
        4.   tls.key: ##################
        5. kind: Secret
        6. metadata:
        7.   [...]
        8. type: kubernetes.io/tls

      3. Use base64 to encode the root certification authority (CA) content of your mirror registry:

        1. PS C:\> echo <tls.crt> | base64 --decode > ca.crt

      4. As an administrator, trust a CA in your client platform by executing the following command:

        1. PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" ca.crt

      5. Log into the internal registry:

        1. PS C:\> oc get route -n openshift-image-registry
        2. NAME       HOST/PORT    PATH   SERVICES     PORT  TERMINATION   WILDCARD
        3. default-route   <registry_path>          image-registry   <all>   reencrypt     None
        5. PS C:\> docker login <registry_path> -u kubeadmin -p $(oc whoami -t)

      6. Push the odo init image:

      7. Override the default odo init image path by setting the environment variable:

        1. PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<registry_path>/openshiftdo/odo-init-image-rhel7:<tag>"