Setting up a mirroring environment with a bastion host

Before you install the Db2® Operator in an air-gapped environment, you must set up a host that can connect to the internet so that you can finish configuring your mirroring environment. To set up your mirroring environment, complete the following steps:

Before you begin

Before completing this task, ensure that you have the following:

Configure your environment

  • A Docker V2 registry that is available and accessible from the OpenShift® Container Platform cluster nodes.
  • The following sites and ports must be accessible:
    • icr.io:443 for the Db2 Operator and operand images
    • github.com for operator packages and tools
    • redhat.com for Red Hat® OpenShift Container Platform upgrades
  • Storage is available and configured on your cluster.

Set up local image registry and access

Use a local Docker registry to store images in your network restricted environment. If you already have one or more centralized, corporate registry servers that store production container images, you can use those for this purpose. If a registry is not already available, install and configure a production-grade registry.
Important: Do not use the OpenShift image registry as your local registry. The OpenShift registry does not support multi-architecture images or path separators in the image name.
The local registry must meet the following requirements:
  • Supports multi-architecture images through Docker Manifest V2, Schema 2. For details, see Docker Manifest V2, Schema 2.
  • Open Container Initiative (OCI) compliant. (Quay does not support uncompressed layers, so it is not compliant.)
  • Sufficient storage to hold all the software
  • Accessible from the OpenShift Container Platform cluster nodes
  • Supports using path separators in the image name
  • Supports auto-repository creation

Prepare a host for mirroring the images

You must be able to connect your host to the internet and to the restricted network environment (with access to the OpenShift Container Platform cluster and the local registry).

The following table provides the software requirements for installing the Db2 Operator in an air-gapped environment:

Software requirements and purpose

  Software      Purpose
  Docker        Container management
  Podman        Container management
  oc            Red Hat OpenShift Container Platform administration
  oc ibm-pak    oc IBM Catalog Management Plug-in for IBM Cloud Paks

Procedure

To prepare a host for mirroring the images, complete the following steps on your host:

  1. Install Docker or Podman.
    • To install Docker (for example, on Red Hat® Enterprise Linux®), run the following commands:

      yum check-update
      yum install docker
    • To install Podman, see Podman installation instructions.
  2. Install the oc OpenShift Container Platform CLI Tool.
  3. Download the IBM Catalog Management plug-in version 1.6.0 or later from GitHub.
    This plug-in allows you to run oc ibm-pak commands against the cluster.
    To confirm that ibm-pak is installed, run the following command:
    oc ibm-pak --help
    This should return the oc ibm-pak usage.
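
A preflight check for the host prepared above, as an added example that is not part of the IBM documentation: it covers the software table, the three required sites and the 1.6.0 plug-in minimum. Assumptions: curl is installed, github.com and redhat.com are reached on port 443 (the page gives a port only for icr.io), the plug-in version is passed in by hand, and all function names are this example's own.

```sh
#!/bin/sh
# Added example (not IBM tooling): preflight check for the mirroring host.
MIN_IBM_PAK="1.6.0"   # minimum plug-in version stated in step 3

have_cmd() { command -v "$1" >/dev/null 2>&1; }

# version_ge HAVE WANT: true when dotted version HAVE >= WANT.
# A leading "v" and non-digit suffixes inside a component are ignored.
version_ge() {
  have=${1#v}; want=${2#v}
  while [ -n "$have" ] || [ -n "$want" ]; do
    h=${have%%.*}; h=${h%%[!0-9]*}
    w=${want%%.*}; w=${w%%[!0-9]*}
    [ "${h:-0}" -gt "${w:-0}" ] && return 0
    [ "${h:-0}" -lt "${w:-0}" ] && return 1
    case $have in *.*) have=${have#*.} ;; *) have= ;; esac
    case $want in *.*) want=${want#*.} ;; *) want= ;; esac
  done
  return 0
}

# missing_tools: print one line per unmet requirement from the software table.
missing_tools() {
  # Step 1 installs Docker or Podman, so either one satisfies the check.
  have_cmd docker || have_cmd podman || echo "docker or podman"
  have_cmd oc || { echo "oc"; echo "oc ibm-pak"; return 0; }
  # Same confirmation command the procedure uses for the plug-in.
  oc ibm-pak --help >/dev/null 2>&1 || echo "oc ibm-pak"
  return 0
}

# unreachable_sites: print each required site that does not answer over HTTPS.
# Port 443 for github.com and redhat.com is an assumption (see lead-in).
unreachable_sites() {
  for site in icr.io github.com redhat.com; do
    curl -sS -o /dev/null --connect-timeout 5 "https://$site:443/" 2>/dev/null ||
      echo "$site"
  done
  return 0
}

# preflight [PLUGIN_VERSION]: return 0 only when no problem is found.
preflight() {
  problems=$(missing_tools; unreachable_sites)
  if [ -n "${1:-}" ] && ! version_ge "$1" "$MIN_IBM_PAK"; then
    problems="${problems:+$problems, }ibm-pak $1 is older than $MIN_IBM_PAK"
  fi
  [ -z "$problems" ] && return 0
  printf 'preflight failed:\n%s\n' "$problems" >&2
  return 1
}
```

Source the file on the host and run `preflight` with the version of the plug-in you downloaded; run it while the host is connected to the internet, because the site check fails by design once the host is moved to the restricted network.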