Mirroring Red Hat operator images to enterprise registry

Mirror the Red Hat® operator images to your enterprise registry.

Before you begin

Ensure that you go through the Before you begin section and About the task section of Mirroring your images to the enterprise registry. For more information about the installation of Red Hat operator images, see Using Operator Lifecycle Manager on restricted networks .


  1. Run the following command to login to Docker registry with your Red Hat enterprise credentials:
    docker login registry.redhat.io -u <Red Hat enterprise registry username> -p <Red Hat enterprise registry password>
    Set the following environment variables:
    export LOCAL_SECRET_JSON='<relative path to pull-secret.json>'
    export LOCAL_ISF_REGISTRY="<Your enterprise registry host>:<port>"
    export LOCAL_ISF_REPOSITORY="<Your image path>"
    if [[ "$PREFIX" != "" ]]; then export TARGET_PATH="$LOCAL_ISF_REGISTRY/$NAMESPACE/$PREFIX"; export REPO_PREFIX=$(echo "$PREFIX"| sed -r 's/\//-/g')-; export NAMESPACE="$NAMESPACE"; else export TARGET_PATH="$LOCAL_ISF_REGISTRY/$NAMESPACE"; export REPO_PREFIX=""; fi
    #verify both variables set correctly
    echo "$TARGET_PATH"
    echo "$NAMESPACE"
    echo "$REPO_PREFIX" 
    Note: Port is a non-mandatory value when setting the LOCAL_ISF_REGISTRY variable. You can ignore this if your enterprise registry is accessible and has a secure connection.
    Sample value for without port:
    export LOCAL_ISF_REGISTRY="registryhost.com"
    See the following sample values:
    export LOCAL_SECRET_JSON='/home/mirror/pull-secret.json'
    export LOCAL_ISF_REGISTRY="registryhost.com:443"
    export LOCAL_ISF_REPOSITORY="fusion-mirror"

    LOCAL_SECRET_JSON is relative path for your pull-secret.json file.

    LOCAL_ISF_REGISTRY is your entitlement registry.

    LOCAL_ISF_REPOSITORY is the image path in which you want to mirror the images. You can choose your own repository paths. For example, hci-2.6.1/isf or hci-2.6.1.

  2. Run the command to login to the Docker registry with your enterprise registry credentials.
    docker login $LOCAL_ISF_REGISTRY -u <your enterprise registry username> -p <your enterprise registry password>
  3. If you have docker, run the following opm index prune command to create a new index image that contains necessary packages:
    opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v4.10 -p kubernetes-nmstate-operator,kubevirt-hyperconverged,redhat-oadp-operator,amq-streams -t "$TARGET_PATH"/redhat-operator-index:v4.10 -c docker
    • The redhat-oadp-operator and amq-streams packages are required to install the Red Hat OADP operator and AMQ Streams operator. It is a prerequisite to deploy the IBM Backup & Restore service. If you plan to use the IBM Backup & Restore service, retain it in the commands, or else you can skip it.
    • If you have podman instead of docker, use the following command.
      opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v4.10 -p kubernetes-nmstate-operator,kubevirt-hyperconverged,redhat-oadp-operator,amq-streams -t "$TARGET_PATH"/redhat-operator-index:v4.10
    This can take 5 - 10 minutes to complete.
    Note: The kubevirt-hyperconverged is required to install OpenShift® virtualization operator. It is a prerequisite to deploy isf-ics operator. If you plan to use isf-ics, retain it in the commands, or else you can skip it.
    The created index package has kubernetes-nmstate-operator and kubevirt-hyperconverged operator images.
  4. Run the command to push the created image to enterprise registry:
    docker push "$TARGET_PATH"/redhat-operator-index:v4.10
  5. Run the command to create catalog mirror image:
    nohup oc adm catalog mirror -a "$LOCAL_SECRET_JSON" "$TARGET_PATH"/redhat-operator-index:v4.10 "$TARGET_PATH" --index-filter-by-os='linux/amd64' &
    You can monitor the status in the generated nohup.out.
    wrote mirroring manifests to manifests-<index_image_name>-<random_number>
  6. After successfully mirroring the content to your registry, check the manifests directory that is created in your current directory. Ensure that the directory name has the following form and the generated folder should contain the following three files:
    catalogSource.yaml  imageContentSourcePolicy.yaml  mapping.txt
    For example see the following folder and files generated in your current directory:
    ls manifests-redhat-operator-index-123456789
    catalogSource.yaml  imageContentSourcePolicy.yaml  mapping.txt