Mirroring Certified Container images in an air-gapped environment

You can install certified containers in an AIR-GAP environment where your OpenShift Container platform or Kubernetes cluster does not have access to the internet. Therefore, it is important to properly configure and install the certified containers in such an environment.
Required Tools and Resources:
  • casectl
  • cloud-pak-airgap-cli scripts (Ideally embedded as launch scripts in your CASE)
  • cloudctl
Note: Download the above tools in VM and save them.
Procedure
  1. Run the command below to create a digest.yaml file.
    casectl digest --case <path of the helm charts>
  2. Set up CASE resolvers as below:
    • Add URLs to the resolvers.yaml file.
    • Add the userids and password keys to the resolvers-auth.yaml file.
  3. Run the command below to download the CASES.
    casectl check items --downloadDir /tmp/cases \
-c stable/ibm-b2bi-case-bundle/case/ibm-b2bi/ \
-i "*" \
--resourceAuthLocation ~/git/ibm-b2bi-case-bundle-resolversAuth.yaml \
--resourceLocation ~/git/ibm-b2bi-case-bundle-resolvers.yaml \
--force
  4. Check the downloaded CASES under the download directory /tmp/cases.
    Note: The following CASES will be created under the download directory.
    Charts
ibm-b2bi-1.0.1-images.csv
ibm-b2bi-1.0.1-charts.csv
ibm-b2bi-1.0.1.tgz
  5. Update the fields below:

    registry, image_name, tag, digest, mtype, os, arch, variant, insecure, digest_source,image_type and groups values in the images csv file.

  6. Mirror the images as below:
    1. Setup temporary registries.
      • Run the command below to setup a temporary registry.
        ./airgap.sh registry service init
      • Run the command below to start the registry service.
        ./airgap.sh registry service start
      • Run the command below to add any credentials required to mirror images into an internal registry.
        cloudctl case launch  \
  --case $CASEPATH    \
  --namespace $NS     \
  --inventory $ITEM   \
  --action configure-creds-airgap  \
  --args "--registry $SOURCE_REGISTRY --user $SOURCE_REGISTRY_USER --pass $SOURCE_REGISTRY_PASS" \
  --tolerance 1
    2. Run the command below to mirror the images.
      cloudctl case launch  \
  --case $CASEPATH    \
  --namespace $NS     \
  --inventory $ITEM   \
  --action mirror-images  \
  --args "--registry $TARGET_REGISTRY --inputDir $OFFLINEDIR" \
  --tolerance 1
  7. Run the command below to configure cluster. 
    cloudctl case launch  \
  --case $CASEPATH    \
  --namespace $NS     \
  --inventory $ITEM   \
  --action configure-cluster-airgap  \
  --args "--registry $TARGET_REGISTRY --inputDir $OFFLINEDIR --dryRun" \
  --tolerance 1
  8. Run the install tests below:
    cloudctl case launch  \
--case $CASEPATH    \
--namespace $NS     \
--inventory $ITEM   \
--action $ACTION \
--args "--additional_prop1 $VALUE1 --additional_prop2 $VALUE2" \
--tolerance 1