Mirroring OpenShift Container Platform release images to enterprise registry
Mirror the OpenShift® Container Platform image repository to your registry to use during installation or upgrade.
Before you begin
About this task
For more information about Red Hat® OpenShift Container Platform, see Red Hat OpenShift Documentation.
Procedure
- Set the following environment variables:
OCP_RELEASE=<your OCP version> PRODUCT_REPO='openshift-release-dev' RELEASE_NAME="ocp-release" ARCHITECTURE=x86_64 LOCAL_SECRET_JSON='<relative path to pull-secret.json>' LOCAL_OCP_REGISTRY='<Your enterprise registry host>:<port>' LOCAL_OCP_REPOSITORY='<Your image path>'
Here, enter the following values for theOCP_RELEASE
:- For 2.8.0, it is 4.14.14 or 4.15.2
- For 2.8.1, it is 4.14.24 or 4.15.12
See the following sample values:LOCAL_SECRET_JSON='/home/mirror/pull-secret.json' LOCAL_OCP_REGISTRY='registryhost.com:443' LOCAL_OCP_REPOSITORY='mirror-ocp'
LOCAL_SECRET_JSON
is relative path for yourpull-secret.json
file.LOCAL_OCP_REGISTRY
is your entitlement registry.LOCAL_OCP_REPOSITORY
is the image path, in which you want to mirror the images. You can choose your own repository paths. For example, hci-2.8.0/isf or hci-2.8.0 or hci-2.8.1/isf or hci-2.8.1.Note: Change the values ofLOCAL_SECRET_JSON
,LOCAL_OCP_REGISTRY
, andLOCAL_OCP_REPOSITORY
. Keep the other values as is. - Run the command to login to the Docker registry with your enterprise registry
credentials.
docker login $LOCAL_OCP_REGISTRY -u <your enterprise registry username> -p <your enterprise registry password>
- Run the command to create catalog mirror images:
oc adm release mirror -a ${LOCAL_SECRET_JSON} --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --to=${LOCAL_OCP_REGISTRY}/${LOCAL_OCP_REPOSITORY} --to-release-image=${LOCAL_OCP_REGISTRY}/${LOCAL_OCP_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}
After successful mirroring, a confirmation message gets displayed. For example:Success Update image: <Your enterprise registry>:<port>/<Your image path>:4.14.14-x86_64 Mirror prefix: <Your enterprise registry>:<port>/<Your image path> Mirror prefix: <Your enterprise registry>:<port>/<Your image path>:4.14.14-x86_64
Note: If your enterprise registry is configured using self-signed certificate or if you get an errorx509: certificate signed by unknown authority
, then use--insecure=true
to successfully complete the mirroring for OpenShift release image.Sample command:oc adm release mirror -a ${LOCAL_SECRET_JSON} --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --to=${LOCAL_OCP_REGISTRY}/${LOCAL_OCP_REPOSITORY} --to-release-image=${LOCAL_OCP_REGISTRY}/${LOCAL_OCP_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE} --insecure=true
- To verify whether the images were successfully mirrored, check that the command output
contains the following information:
imageContentSources: - mirrors: - <Your enterprise registry>:<port>/ocp4/openshift4 source: quay.io/openshift-release-dev/ocp-release - mirrors: - <Your enterprise registry>:<port>/ocp4/openshift4 source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
See the following sample values:imageContentSources: - mirrors: - registryhost.com:443/mirror-ocp source: quay.io/openshift-release-dev/ocp-release - mirrors: - registryhost.com:443/mirror-ocp source: quay.io/openshift-release-dev/ocp-v4.0-art-dev