Mirroring Red Hat operator images to enterprise registry

Mirror the Red Hat® operator images to your enterprise registry.

Before you begin

Make sure that you go through the Before you begin section and About the task section of End-to-end mirroring of IBM Fusion and its services images to the enterprise registry. For more information about the installation of Red Hat operator images, see Using Operator Lifecycle Manager on restricted networks.
Make sure that you install the oc-mirror OpenShift CLI plug-in. For more information about oc-mirror OpenShift CLI plug-in installation, see Installing the oc-mirror OpenShift CLI plugin.
Ensure that you must use the recent enterprise registry images for mirroring.

Procedure

Log in to quay.io and run the following command to login to the Docker registry with your Red Hat enterprise credentials:
```
podman login registry.redhat.io -u <Red Hat enterprise registry username> -p <Red Hat enterprise registry password>
```
Set the following environment variables:
```
export LOCAL_ISF_REGISTRY="<Your enterprise registry host>:<port>"
export LOCAL_ISF_REPOSITORY="<Your image path>"
export TARGET_PATH="$LOCAL_ISF_REGISTRY/$LOCAL_ISF_REPOSITORY"
echo "$TARGET_PATH"
```
Note:
- Port is a non-mandatory value when you set the LOCAL_ISF_REGISTRY variable. You can ignore this if your enterprise registry is accessible and has a secure connection.
Sample value for without port:
```
export LOCAL_ISF_REGISTRY="registryhost.com"
```
See the following sample values:
```
export LOCAL_ISF_REGISTRY="registryhost.com:443"
export LOCAL_ISF_REPOSITORY="fusion-mirror"
```
LOCAL_ISF_REGISTRY is your entitlement registry.

LOCAL_ISF_REPOSITORY is the image path in which you want to mirror the images. You can choose your own repository paths. For example, sds-images/isf or sds-images

Run the command to login to the Docker registry with your enterprise registry credentials.

podman login $LOCAL_ISF_REGISTRY -u <your enterprise registry username> -p <your enterprise registry password>

Create an image set configuration file for Red Hat packages that are required for IBM Fusion installation.
For example:
```
imageset-config-redhatoperator.yaml
kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
mirror:
  operators:
    - catalog: registry.redhat.io/redhat/certified-operator-index:v$OCP_VERSION
      packages:
        - name: "cloudnative-pg"
      full: true
    - catalog: registry.redhat.io/redhat/redhat-operator-index:v$OCP_VERSION
      packages:
        - name: "amq-streams"
        - name: "redhat-oadp-operator"
        - name: "kubevirt-hyperconverged"  
        - name: "multicluster-engine"
        - name: "metallb-operator"
      full: true
```
Note:
- The self-node-remediation operator is used to enable automatic workload failover in case of unplanned node unavailability.
- The redhat-oadp-operator and amq-streams packages are required to install the Red Hat OADP operator and AMQ Streams operator. It is a prerequisite to deploy the IBM Backup & Restore service. If you plan to use the IBM Backup & Restore service, retain it in the commands, or else you can skip it.
- The amq-streams package is required to install the IBM Data Cataloging service. If you plan to use the IBM IBM Data Cataloging service, retain it in the commands, or else you can skip it.
- The cloudnative-pg package is required to install the CAS service. If you plan to use the CAS service, retain it in the commands, or else you can skip it.
- The metallb-operator, multicluster-engine, kubevirt-hyperconvergedand operators are required to deploy Hosted Control Plane clusters.

Run the following oc command to mirror the images from the specified image set configuration to a specified registry:

oc mirror --config imageset-config-redhatoperator.yaml docker://$TARGET_PATH --dest-skip-tls --ignore-history

This can take 5-10 minutes to complete.

Example output:

Rendering catalog image "<TARGET_PATH>/redhat/redhat-operator-index:v4.16" with file-based catalog
Writing image mapping to oc-mirror-workspace/results-1693810862/mapping.txt
Writing CatalogSource manifests to oc-mirror-workspace/results-1693810862
Writing ICSP manifests to oc-mirror-workspace/results-1693810862

After you mirror the content to your registry, go to the generated oc-mirror-workspace/ directory. Go to the results-1xxxx directory, and verify that the YAML files are present for the ImageContentSourcePolicy and CatalogSource resources.

Apply the generated ImageContentSourcePolicy to the cluster:

cd ./oc-mirror-workspace/results-<generated_id>
oc apply -f imageContentSourcePolicy.yaml

Example ImageContentSourcePolicy:

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  labels:
    operators.openshift.org/catalog: "true"
  name: operator-0
spec:
  repositoryDigestMirrors:
  - mirrors:
    - $TARGET_PATH/migration-toolkit-virtualization
    source: registry.redhat.io/migration-toolkit-virtualization
  - mirrors:
    - $TARGET_PATH/ubi8
    source: registry.redhat.io/ubi8
  - mirrors:
    - $TARGET_PATH/ubi8
    source: registry.access.redhat.com/ubi8
  - mirrors:
    - $TARGET_PATH/container-native-virtualization
    source: registry.redhat.io/container-native-virtualization
  - mirrors:
    - $TARGET_PATH/openshift4
    source: registry.redhat.io/openshift4
  - mirrors:
    - $TARGET_PATH/oadp
    source: registry.redhat.io/oadp
  - mirrors:
    - $TARGET_PATH/amq-streams
    source: registry.redhat.io/amq-streams
  - mirrors:
    - $TARGET_PATH/amq7
    source: registry.redhat.io/amq7
  - mirrors:
    - $TARGET_PATH/workload-availability
    source: registry.redhat.io/workload-availability

Important: You can run this step only once when the cluster is up for a freshly installed rack.

Apply the generated CatalogSource to the cluster:

oc apply -f catalogSource-cs-redhat-operator-index.yaml
oc apply -f catalogSource-cs-certified-operator-index.yaml