$ echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt
Depending on the configuration of your cluster and your operating system you can either push the odo
init image to a mirror registry or directly to an internal registry.
Install oc
on the client operating system.
Install odo
on the client operating system.
Access to a restricted cluster with a configured internal registry or a mirror registry.
odo
init image to a mirror registryDepending on your operating system, you can push the odo
init image to a cluster with a mirror registry as follows:
Use base64
to encode the root certification authority (CA) content of your mirror registry:
$ echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt
Copy the encoded root CA certificate to the appropriate location:
$ sudo cp ./disconnect-ca.crt /etc/pki/ca-trust/source/anchors/<mirror-registry>.crt
Trust a CA in your client platform and log into the OpenShift Container Platform mirror registry:
$ sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart / docker && docker login <mirror-registry>:5000 -u <username> -p <password>
Mirror the odo
init image:
$ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
Override the default odo
init image path by setting the ODO_BOOTSTRAPPER_IMAGE
environment variable:
$ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
Use base64
to encode the root certification authority (CA) content of your mirror registry:
$ echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt
Copy the encoded root CA certificate to the appropriate location:
Restart Docker using the Docker UI.
Run the following command:
$ docker login <mirror-registry>:5000 -u <username> -p <password>
Mirror the odo
init image:
$ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
Override the default odo
init image path by setting the ODO_BOOTSTRAPPER_IMAGE
environment variable:
$ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
Use base64
to encode the root certification authority (CA) content of your mirror registry:
PS C:\> echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt
As an administrator, copy the encoded root CA certificate to the appropriate location by executing the following command:
PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" disconnect-ca.crt
Trust a CA in your client platform and log into the OpenShift Container Platform mirror registry:
Restart Docker using the Docker UI.
Run the following command:
PS C:\WINDOWS\system32> docker login <mirror-registry>:5000 -u <username> -p <password>
Mirror the odo
init image:
PS C:\> oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
Override the default odo
init image path by setting the ODO_BOOTSTRAPPER_IMAGE
environment variable:
PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>"
odo
init image to an internal registry directlyIf your cluster allows images to be pushed to the internal registry directly, push the odo
init image to the registry as follows:
Enable the default route:
$ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry
Get a wildcard route CA:
$ oc get secret router-certs-default -n openshift-ingress -o yaml
apiVersion: v1
data:
tls.crt: **************************
tls.key: ##################
kind: secret
metadata:
[...]
type: kubernetes.io/tls
Use base64
to encode the root certification authority (CA) content of your mirror registry:
$ echo <tls.crt> | base64 --decode > ca.crt
Trust a CA in your client platform:
$ sudo cp ca.crt /etc/pki/ca-trust/source/anchors/externalroute.crt && sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart docker
Log into the internal registry:
$ oc get route -n openshift-image-registry
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
default-route <registry_path> image-registry <all> reencrypt None
$ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
Push the odo
init image:
$ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
$ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
$ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
Override the default odo
init image path by setting the ODO_BOOTSTRAPPER_IMAGE
environment variable:
$ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1
Enable the default route:
$ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry
Get a wildcard route CA:
$ oc get secret router-certs-default -n openshift-ingress -o yaml
apiVersion: v1
data:
tls.crt: **************************
tls.key: ##################
kind: secret
metadata:
[...]
type: kubernetes.io/tls
Use base64
to encode the root certification authority (CA) content of your mirror registry:
$ echo <tls.crt> | base64 --decode > ca.crt
Trust a CA in your client platform:
$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
Log into the internal registry:
$ oc get route -n openshift-image-registry
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
default-route <registry_path> image-registry <all> reencrypt None
$ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
Push the odo
init image:
$ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
$ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
$ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
Override the default odo
init image path by setting the ODO_BOOTSTRAPPER_IMAGE
environment variable:
$ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1
Enable the default route:
PS C:\> oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry
Get a wildcard route CA:
PS C:\> oc get secret router-certs-default -n openshift-ingress -o yaml
apiVersion: v1
data:
tls.crt: **************************
tls.key: ##################
kind: secret
metadata:
[...]
type: kubernetes.io/tls
Use base64
to encode the root certification authority (CA) content of your mirror registry:
PS C:\> echo <tls.crt> | base64 --decode > ca.crt
As an administrator, trust a CA in your client platform by executing the following command:
PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" ca.crt
Log into the internal registry:
PS C:\> oc get route -n openshift-image-registry
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
default-route <registry_path> image-registry <all> reencrypt None
PS C:\> docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
Push the odo
init image:
PS C:\> docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
PS C:\> docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
PS C:\> docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
Override the default odo
init image path by setting the ODO_BOOTSTRAPPER_IMAGE
environment variable:
PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<registry_path>/openshiftdo/odo-init-image-rhel7:<tag>"