Mirroring the {product-title} image repository

You must mirror container images onto a mirror registry before you can update a cluster in a disconnected environment. You can also use this procedure in connected environments to ensure your clusters run only approved container images that have satisfied your organizational controls for external content.

Note

Your mirror registry must be running at all times while the cluster is running.

The following steps outline the high-level workflow for mirroring images to a mirror registry:

  1. Install the OpenShift CLI (oc) on all devices being used to retrieve and push release images.

  2. Download the registry pull secret and add it to your cluster.

  3. If you use the oc-mirror OpenShift CLI (oc) plugin:

    1. Install the oc-mirror plugin on all devices being used to retrieve and push release images.

    2. Create an image set configuration file for the plugin to use when determining which release images to mirror. You can edit this configuration file later to change which release images the plugin mirrors.

    3. Mirror your targeted release images directly to a mirror registry, or to removable media and then to a mirror registry.

    4. Configure your cluster to use the resources generated by the oc-mirror plugin.

    5. Repeat these steps as needed to update your mirror registry.

  4. If you use the oc adm release mirror command:

    1. Set environment variables that correspond to your environment and the release images you want to mirror.

    2. Mirror your targeted release images directly to a mirror registry, or to removable media and then to a mirror registry.

    3. Repeat these steps as needed to update your mirror registry.

Compared to using the oc adm release mirror command, the oc-mirror plugin has the following advantages:

  • It can mirror content other than container images.

  • After mirroring images for the first time, it is easier to update images in the registry.

  • The oc-mirror plugin provides an automated way to mirror the release payload from Quay, and also builds the latest graph data image for the OpenShift Update Service running in the disconnected environment.

Prerequisites

  • You must have a container image registry that supports Docker v2-2 in the location that will host the {product-title} cluster, such as Red Hat Quay.

    Note

    If you use Red Hat Quay, you must use version 3.6 or later with the oc-mirror plugin. If you have an entitlement to Red Hat Quay, see the documentation on deploying Red Hat Quay for proof-of-concept purposes or by using the Quay Operator. If you need additional assistance selecting and installing a registry, contact your sales representative or Red Hat Support.

    If you do not have an existing solution for a container image registry, the mirror registry for Red Hat OpenShift is included in {product-title} subscriptions. The mirror registry for Red Hat OpenShift is a small-scale container registry that you can use to mirror {product-title} container images in disconnected installations and updates.

Preparing your mirror host

Before you perform the mirror procedure, you must prepare the host to retrieve content and push it to the remote location.


Mirroring resources using the oc-mirror plugin

You can use the oc-mirror OpenShift CLI (oc) plugin to mirror images to a mirror registry in your fully or partially disconnected environments. You must run oc-mirror from a system with internet connectivity to download the required images from the official Red Hat registries.


Mirroring an image set to a mirror registry

You can use the oc-mirror CLI plugin to mirror images to a mirror registry in a partially disconnected environment or in a fully disconnected environment.

The following procedures assume that you already have your mirror registry set up.

Mirroring an image set in a partially disconnected environment

In a partially disconnected environment, you can mirror an image set directly to the target mirror registry.

Mirroring an image set in a fully disconnected environment

To mirror an image set in a fully disconnected environment, you must first mirror the image set to disk, and then mirror the image set file on disk to a mirror registry.

Keeping your mirror registry content updated

After you populate your target mirror registry with the initial image set, you must update it regularly so that it has the latest content. If possible, you can set up a cron job to update the mirror registry on a regular basis.

Update your image set configuration to add or remove {product-title} and Operator releases as necessary. Removed images are pruned from the mirror registry.
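
The partially disconnected, fully disconnected, and scheduled-update workflows above can share one wrapper script. The following is an added example, not part of the original documentation: the variable names, the `run_stage` function, the lock directory, and the registry host are assumptions, and `DRY_RUN=1` prints the command for review instead of running it.

```shell
#!/bin/sh
# Added example: one wrapper for the three oc-mirror invocations described above.
# Assumed names (not from the page): CONFIG, MIRROR_REGISTRY, ARCHIVE_DIR, LOCK_DIR,
# DRY_RUN, run_stage. The registry host is a placeholder.
CONFIG="${CONFIG:-./imageset-config.yaml}"
MIRROR_REGISTRY="${MIRROR_REGISTRY:-mirror.example.internal:8443}"
ARCHIVE_DIR="${ARCHIVE_DIR:-./mirror-archive}"
LOCK_DIR="${LOCK_DIR:-${TMPDIR:-/tmp}/oc-mirror.lock}"

run_stage() {
    stage=${1:-}; archive=${2:-}
    case "$stage" in
        direct)     # partially disconnected: source registries -> mirror registry
            set -- --config="$CONFIG" "docker://$MIRROR_REGISTRY" ;;
        to-disk)    # fully disconnected, step 1: run on the connected host
            set -- --config="$CONFIG" "file://$ARCHIVE_DIR" ;;
        from-disk)  # fully disconnected, step 2: run next to the mirror registry
            [ -n "$archive" ] || { echo "from-disk needs an archive path" >&2; return 2; }
            set -- --from="$archive" "docker://$MIRROR_REGISTRY" ;;
        *)
            echo "usage: run_stage direct|to-disk|from-disk ARCHIVE" >&2; return 2 ;;
    esac
    # Stages that read the image set configuration fail early if it is missing.
    if [ "$stage" != from-disk ] && [ ! -r "$CONFIG" ]; then
        echo "image set configuration not readable: $CONFIG" >&2; return 1
    fi
    # DRY_RUN=1 prints the command for review instead of contacting any registry.
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "oc mirror $*"; return 0; fi
    # mkdir is atomic, so overlapping cron runs cannot both hold the lock.
    mkdir "$LOCK_DIR" 2>/dev/null || { echo "mirror run already in progress" >&2; return 1; }
    rc=0
    oc mirror "$@" || rc=$?
    rmdir "$LOCK_DIR"
    return "$rc"
}

# Run a stage only when one is named, e.g. from cron: mirror.sh direct
if [ "$#" -gt 0 ]; then run_stage "$@"; fi
```

Keep the image set configuration file under version control and review changes to it, because removing an entry causes the corresponding images to be pruned from the mirror registry on the next run.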
