This is a cache of https://docs.openshift.com/container-platform/4.4/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/pushing-the-odo-init-image-to-the-restricted-cluster-registry.html. It is a snapshot of the page at 2024-11-23T01:25:49.729+0000.
Pushing the odo init image to the restricted cluster registry - Developer CLI (odo) | CLI tools | OpenShift Container Platform 4.4
×

Prerequisites

  • Install oc on the client operating system.

  • Install odo on the client operating system.

  • Access to a restricted cluster with a configured internal registry or a mirror registry.

Pushing the odo init image to a mirror registry

Depending on your operating system, you can push the odo init image to a cluster with a mirror registry as follows:

Pushing the init image to a mirror registry on Linux

Procedure
  1. Use base64 to encode the root certification authority (CA) content of your mirror registry:

    $ echo <content_of_additional_ca> | base64 -d > disconnect-ca.crt
  2. Copy the encoded root CA certificate to the appropriate location:

    $ sudo cp ./disconnect-ca.crt /etc/pki/ca-trust/source/anchors/<mirror-registry>.crt
  3. Trust a CA in your client platform and log into the OpenShift Container Platform mirror registry:

    $ sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart / docker && docker login <mirror-registry>:5000 -u <username> -p <password>
  4. Mirror the odo init image:

    $ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
  5. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

    $ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>

Pushing the init image to a mirror registry on MacOS

Procedure
  1. Use base64 to encode the root certification authority (CA) content of your mirror registry:

    $ echo <content_of_additional_ca> | base64 -d > disconnect-ca.crt
  2. Copy the encoded root CA certificate to the appropriate location:

    1. Restart Docker using the Docker UI.

    2. Run the following command:

      $ docker login <mirror-registry>:5000 -u <username> -p <password>
  3. Mirror the odo init image:

    $ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
  4. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

    $ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>

Pushing the init image to a mirror registry on Windows

Procedure
  1. Use base64 to encode the root certification authority (CA) content of your mirror registry:

    PS C:\> echo <content_of_additional_ca> | base64 -d > disconnect-ca.crt
  2. As an administrator, copy the encoded root CA certificate to the appropriate location by executing the following command:

    PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" disconnect-ca.crt
  3. Trust a CA in your client platform and log into the OpenShift Container Platform mirror registry:

    1. Restart Docker using the Docker UI.

    2. Run the following command:

      PS C:\WINDOWS\system32> docker login <mirror-registry>:5000 -u <username> -p <password>
  4. Mirror the odo init image:

    PS C:\> oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
  5. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

    PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>"

Pushing the odo init image to an internal registry directly

If your cluster allows images to be pushed to the internal registry directly, push the odo init image to the registry as follows:

Pushing the init image directly on Linux

Procedure
  1. Enable the default route:

    $ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultroute":true}}' --type='merge' -n openshift-image-registry
  2. Get a wildcard route CA:

    $ oc get secret router-certs-default -n openshift-ingress -o yaml
    apiVersion: v1
    data:
      tls.crt: **************************
      tls.key: ##################
    kind: Secret
    metadata:
      [...]
    type: kubernetes.io/tls
  3. Use base64 to encode the root certification authority (CA) content of your mirror registry:

    $ echo <tls.crt> | base64 -d > ca.crt
  4. Trust a CA in your client platform:

    $ sudo cp ca.crt  /etc/pki/ca-trust/source/anchors/externalroute.crt && sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart docker
  5. Log into the internal registry:

    $ oc get route -n openshift-image-registry
    NAME       HOST/PORT    PATH   SERVICES     PORT  TERMINATION   WILDCARD
    default-route   <registry_path>          image-registry   <all>   reencrypt     None
    
    $ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
  6. Push the odo init image:

    $ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
    
    $ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
    
    $ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
  7. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

    $ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1

Pushing the init image directly on MacOS

Procedure
  1. Enable the default route:

    $ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultroute":true}}' --type='merge' -n openshift-image-registry
  2. Get a wildcard route CA:

    $ oc get secret router-certs-default -n openshift-ingress -o yaml
    apiVersion: v1
    data:
      tls.crt: **************************
      tls.key: ##################
    kind: Secret
    metadata:
      [...]
    type: kubernetes.io/tls
  3. Use base64 to encode the root certification authority (CA) content of your mirror registry:

    $ echo <tls.crt> | base64 -d > ca.crt
  4. Trust a CA in your client platform:

    $ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
  5. Log into the internal registry:

    $ oc get route -n openshift-image-registry
    NAME       HOST/PORT    PATH   SERVICES     PORT  TERMINATION   WILDCARD
    default-route   <registry_path>          image-registry   <all>   reencrypt     None
    
    $ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
  6. Push the odo init image:

    $ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
    
    $ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
    
    $ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
  7. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

    $ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1

Pushing the init image directly on Windows

Procedure
  1. Enable the default route:

    PS C:\> oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultroute":true}}' --type='merge' -n openshift-image-registry
  2. Get a wildcard route CA:

    PS C:\> oc get secret router-certs-default -n openshift-ingress -o yaml
    apiVersion: v1
    data:
      tls.crt: **************************
      tls.key: ##################
    kind: Secret
    metadata:
      [...]
    type: kubernetes.io/tls
  3. Use base64 to encode the root certification authority (CA) content of your mirror registry:

    PS C:\> echo <tls.crt> | base64 -d > ca.crt
  4. As an administrator, trust a CA in your client platform by executing the following command:

    PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" ca.crt
  5. Log into the internal registry:

    PS C:\> oc get route -n openshift-image-registry
    NAME       HOST/PORT    PATH   SERVICES     PORT  TERMINATION   WILDCARD
    default-route   <registry_path>          image-registry   <all>   reencrypt     None
    
    PS C:\> docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
  6. Push the odo init image:

    PS C:\> docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
    
    PS C:\> docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
    
    PS C:\> docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
  7. Override the default odo init image path by setting the ODO_BOOTSTRAPPER_IMAGE environment variable:

    PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<registry_path>/openshiftdo/odo-init-image-rhel7:<tag>"