diff --git a/image-sync/configuration/mvp-oc-mirror.yml b/image-sync/configuration/mvp-oc-mirror.yml deleted file mode 100644 index 577f6cdf7f..0000000000 --- a/image-sync/configuration/mvp-oc-mirror.yml +++ /dev/null @@ -1,30 +0,0 @@ -kind: ImageSetConfiguration -apiVersion: mirror.openshift.io/v1alpha2 -storageConfig: - registry: - imageURL: arohcpdev.azurecr.io/mirror/oc-mirror-metadata - skipTLS: false -mirror: - platform: - architectures: - - multi - - amd64 - channels: - - name: stable-4.16 - minVersion: 4.16.0 - maxVersion: 4.16.3 - type: ocp - - name: stable-4.17 - minVersion: 4.17.0 - maxVersion: 4.17.0 - type: ocp - graph: true - additionalImages: - - name: registry.redhat.io/redhat/redhat-operator-index:v4.16 - - name: registry.redhat.io/redhat/certified-operator-index:v4.16 - - name: registry.redhat.io/redhat/community-operator-index:v4.16 - - name: registry.redhat.io/redhat/redhat-marketplace-index:v4.16 - - name: registry.redhat.io/redhat/redhat-operator-index:v4.17 - - name: registry.redhat.io/redhat/certified-operator-index:v4.17 - - name: registry.redhat.io/redhat/community-operator-index:v4.17 - - name: registry.redhat.io/redhat/redhat-marketplace-index:v4.17 diff --git a/image-sync/deployment/Makefile b/image-sync/deployment/Makefile index e49d7b9111..75f0e8ed35 100644 --- a/image-sync/deployment/Makefile +++ b/image-sync/deployment/Makefile @@ -25,11 +25,12 @@ deploy-oc-mirror: --set serviceAccountName=image-sync \ --set azureClientId=$${AZURE_SYNC_MI_CLIENT_ID} \ --set acrRegistryName=${ARO_HCP_IMAGE_ACR} \ + --set stableVersions="4.16\,4.17" \ --set azureTenantId=$${TENANT_ID} \ --set ocmirrorImage="arohcpdev.azurecr.io/image-sync/ocmirror" \ --set ocmirrorTag=latest \ --set credsPullSecret=pull-secret \ - --set credsKeyVaultName=service-kv-aro-hcp-dev + --set credsKeyVaultName=aro-hcp-dev-svc-kv deploy: deploy-shared deploy-component-sync deploy-oc-mirror diff --git a/image-sync/deployment/ocmirrorCronjob/templates/cronjobs.yaml b/image-sync/deployment/ocmirrorCronjob/templates/cronjobs.yaml index dd2c0aa423..92d9a029b4 100644 --- a/image-sync/deployment/ocmirrorCronjob/templates/cronjobs.yaml +++ b/image-sync/deployment/ocmirrorCronjob/templates/cronjobs.yaml @@ -29,24 +29,21 @@ spec: containers: - image: "{{ .Values.ocmirrorImage }}:{{ .Values.ocmirrorTag }}" name: oc-mirror - command: ["oc-mirror", "--continue-on-error", "--config", "/etc/oc-mirror/imageset-config.yml", "docker://{{ .Values.acrRegistryName }}.azurecr.io"] workingDir: "/workspace" env: - name: XDG_RUNTIME_DIR value: /etc/ + - name: REGISTRY_URL + value: "{{ .Values.acrRegistryName }}.azurecr.io" + - name: STABLE_VERSIONS + value: "{{ .Values.stableVersions }}" volumeMounts: - - name: oc-mirror-config - mountPath: "/etc/oc-mirror" - readOnly: true - name: pull-secrets-updated mountPath: "/etc/containers" readOnly: true - name: workspace mountPath: "/workspace" volumes: - - name: oc-mirror-config - configMap: - name: oc-mirror-config - name: workspace emptyDir: {} - name: pull-secrets-updated diff --git a/image-sync/deployment/ocmirrorCronjob/values.yaml b/image-sync/deployment/ocmirrorCronjob/values.yaml index 835a6dcf65..57e2e1d231 100644 --- a/image-sync/deployment/ocmirrorCronjob/values.yaml +++ b/image-sync/deployment/ocmirrorCronjob/values.yaml @@ -1,4 +1,5 @@ acrRegistryName: "" +stableVersions: "" azureClientId: "" azureTenantId: "" diff --git a/image-sync/oc-mirror/Dockerfile b/image-sync/oc-mirror/Dockerfile index f307dda623..c19a9bfa6e 100644 --- a/image-sync/oc-mirror/Dockerfile +++ b/image-sync/oc-mirror/Dockerfile @@ -1,9 +1,9 @@ -FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 AS downloader +FROM --platform=linux/amd64 mcr.microsoft.com/cbl-mariner/base/core:2.0 AS downloader RUN set -eux; \ # Upgrade all packages per https://eng.ms/docs/more/containers-secure-supply-chain/updating tdnf update -y; \ - tdnf -y install unzip wget tar ca-certificates; \ + tdnf -y install unzip wget tar ca-certificates; \ tdnf clean all ENV OC_VERSION=4.16.3 @@ -17,19 +17,22 @@ RUN curl -sfL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VER tar -zvxf oc-mirror.tar.gz && \ mv oc-mirror /usr/local/bin -FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 +FROM --platform=linux/amd64 mcr.microsoft.com/cbl-mariner/base/core:2.0 RUN mkdir --mode=777 /workspace; \ + mkdir --mode=777 /config; \ tdnf update -y; \ tdnf -y install ca-certificates; \ tdnf clean all WORKDIR /workspace +ADD mirror.sh /usr/local/bin/mirror.sh + COPY --chown=0:0 --chmod=755 --from=downloader \ /usr/local/bin/oc-mirror \ /usr/local/bin/oc \ /usr/local/bin/kubectl \ /usr/local/bin/ -ENTRYPOINT ["oc-mirror", "--continue-on-error", "--config", "/etc/oc-mirror/imageset-config.yml"] +ENTRYPOINT ["/usr/local/bin/mirror.sh"] diff --git a/image-sync/oc-mirror/Makefile b/image-sync/oc-mirror/Makefile index e62cfc6db2..08e80618c8 100644 --- a/image-sync/oc-mirror/Makefile +++ b/image-sync/oc-mirror/Makefile @@ -9,7 +9,6 @@ OC_MIRROR_IMAGE_TAGGED ?= $(OC_MIRROR_IMAGE):$(COMMIT) build-push: image push image: - cp ../configuration/mvp-oc-mirror.yml config.yml docker build --platform="linux/amd64" -f "./Dockerfile" -t ${OC_MIRROR_IMAGE_TAGGED} . push: image diff --git a/image-sync/oc-mirror/README.md b/image-sync/oc-mirror/README.md index 74a4c796b3..17e26d3bd5 100644 --- a/image-sync/oc-mirror/README.md +++ b/image-sync/oc-mirror/README.md @@ -4,39 +4,34 @@ This container contains oc-mirror end required dependencies. ## Example usage for devarohcp - * Build the container image `podman build -t oc-mirror .` - * Alternatively, use `make image` - * Get credentials for Openshift registries https://console.redhat.com/openshift/install/pull-secret - * Get Azure registry credentials `az acr login -n devarohcp` - * Run the sync using the built container +- Build the container image `podman build -t oc-mirror .` +- Alternatively, use `make image` +- Get credentials for Openshift registries https://console.redhat.com/openshift/install/pull-secret +- Get Azure registry credentials `DOCKER_COMMAND=podman az acr login --name arohcpdev` +- Run the sync using the built container + +On Linux + ```BASH podman run -it --rm --tmpfs /oc-mirror-workspace \ -e XDG_RUNTIME_DIR=/ \ - -v $PWD/imageset-config.yml:/imageset-config.yml:Z \ + -e STABLE_VERSIONS=4.16,4.17 \ + -e REGISTRY_URL=arohcpdev.azurecr.io \ -v $HOME/.docker/config.json:/containers/auth.json:Z \ oc-mirror \ - oc mirror --config=/imageset-config.yml docker://devarohcp.azurecr.io --dry-run + --dry-run ``` -Note, the above command will run the sync in dry-run mode. To run the sync, remove the `--dry-run` flag. +On OSX -## Example configuration - -The following is an example of the configuration file `imageset-config.yml`. - -This exact configuration was used in the initial testing of the `oc-mirror` tool. - -```YAML -kind: ImageSetConfiguration -apiVersion: mirror.openshift.io/v1alpha2 -storageConfig: - registry: - imageURL: devarohcp.azurecr.io/mirror/oc-mirror-metadata - skipTLS: false -mirror: - platform: - channels: - - name: stable-4.16 - type: ocp - graph: true +```BASH +podman run -it --rm --tmpfs /oc-mirror-workspace \ + -e XDG_RUNTIME_DIR=/ \ + -e STABLE_VERSIONS=4.16,4.17 \ + -e REGISTRY_URL=arohcpdev.azurecr.io \ + -v $HOME/.config/containers/auth.json:/containers/auth.json:Z \ + oc-mirror \ + --dry-run ``` + +Note, the above command will run the sync in dry-run mode. To run the sync, remove the `--dry-run` flag. diff --git a/image-sync/oc-mirror/config.yml b/image-sync/oc-mirror/config.yml deleted file mode 100644 index 577f6cdf7f..0000000000 --- a/image-sync/oc-mirror/config.yml +++ /dev/null @@ -1,30 +0,0 @@ -kind: ImageSetConfiguration -apiVersion: mirror.openshift.io/v1alpha2 -storageConfig: - registry: - imageURL: arohcpdev.azurecr.io/mirror/oc-mirror-metadata - skipTLS: false -mirror: - platform: - architectures: - - multi - - amd64 - channels: - - name: stable-4.16 - minVersion: 4.16.0 - maxVersion: 4.16.3 - type: ocp - - name: stable-4.17 - minVersion: 4.17.0 - maxVersion: 4.17.0 - type: ocp - graph: true - additionalImages: - - name: registry.redhat.io/redhat/redhat-operator-index:v4.16 - - name: registry.redhat.io/redhat/certified-operator-index:v4.16 - - name: registry.redhat.io/redhat/community-operator-index:v4.16 - - name: registry.redhat.io/redhat/redhat-marketplace-index:v4.16 - - name: registry.redhat.io/redhat/redhat-operator-index:v4.17 - - name: registry.redhat.io/redhat/certified-operator-index:v4.17 - - name: registry.redhat.io/redhat/community-operator-index:v4.17 - - name: registry.redhat.io/redhat/redhat-marketplace-index:v4.17 diff --git a/image-sync/oc-mirror/imageset-config.yml b/image-sync/oc-mirror/imageset-config.yml deleted file mode 100644 index 176e266474..0000000000 --- a/image-sync/oc-mirror/imageset-config.yml +++ /dev/null @@ -1,16 +0,0 @@ -kind: ImageSetConfiguration -apiVersion: mirror.openshift.io/v1alpha2 -storageConfig: - registry: - imageURL: devarohcp.azurecr.io/mirror/oc-mirror-metadata - skipTLS: false -mirror: - platform: - channels: - - name: stable-4.16 - type: ocp - full: true - - name: stable-4.17 - type: ocp - full: true - graph: true diff --git a/image-sync/oc-mirror/imageset-config.yml.tmpl b/image-sync/oc-mirror/imageset-config.yml.tmpl new file mode 100644 index 0000000000..e3dde7ee70 --- /dev/null +++ b/image-sync/oc-mirror/imageset-config.yml.tmpl @@ -0,0 +1,25 @@ +kind: ImageSetConfiguration +apiVersion: mirror.openshift.io/v1alpha2 +storageConfig: + registry: + imageURL: {{ .RegistryUrl }}/mirror/oc-mirror-metadata + skipTLS: false +mirror: + platform: + architectures: + - multi + - amd64 + channels: + {{- range .StableVersions }} + - name: stable-{{ . }} + type: ocp + full: true + {{- end }} + graph: true + additionalImages: + {{- range .StableVersions }} + - name: registry.redhat.io/redhat/redhat-operator-index:v{{ . }} + - name: registry.redhat.io/redhat/certified-operator-index:v{{ . }} + - name: registry.redhat.io/redhat/community-operator-index:v{{ . }} + - name: registry.redhat.io/redhat/redhat-marketplace-index:v{{ . }} + {{- end }} diff --git a/image-sync/oc-mirror/mirror.sh b/image-sync/oc-mirror/mirror.sh new file mode 100755 index 0000000000..9ab4fdb00e --- /dev/null +++ b/image-sync/oc-mirror/mirror.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +echo ${IMAGE_SET_CONFIG} | base64 -d /config/imageset-config.yml +/usr/local/bin/oc-mirror --continue-on-error --config /config/imageset-config.yml docker://${REGISTRY_URL} @$