Azure · geoberle · Oct 28, 2024 · Oct 28, 2024 · bennerv · Oct 30, 2024
diff --git a/image-sync/configuration/mvp-oc-mirror.yml b/image-sync/configuration/mvp-oc-mirror.yml
diff --git a/image-sync/deployment/Makefile b/image-sync/deployment/Makefile
@@ -25,11 +25,12 @@ deploy-oc-mirror:
 	--set serviceAccountName=image-sync \
 	--set azureClientId=$${AZURE_SYNC_MI_CLIENT_ID} \
 	--set acrRegistryName=${ARO_HCP_IMAGE_ACR} \
+	--set stableVersions="4.16\,4.17" \
 	--set azureTenantId=$${TENANT_ID} \
 	--set ocmirrorImage="arohcpdev.azurecr.io/image-sync/ocmirror" \
 	--set ocmirrorTag=latest \
 	--set credsPullSecret=pull-secret \
-	--set credsKeyVaultName=service-kv-aro-hcp-dev
+	--set credsKeyVaultName=aro-hcp-dev-svc-kv
 
 deploy: deploy-shared deploy-component-sync deploy-oc-mirror
 

diff --git a/image-sync/deployment/ocmirrorCronjob/templates/cronjobs.yaml b/image-sync/deployment/ocmirrorCronjob/templates/cronjobs.yaml
@@ -29,24 +29,21 @@ spec:
           containers:
           - image: "{{ .Values.ocmirrorImage }}:{{ .Values.ocmirrorTag }}"
             name: oc-mirror
-            command: ["oc-mirror", "--continue-on-error", "--config", "/etc/oc-mirror/imageset-config.yml", "docker://{{ .Values.acrRegistryName }}.azurecr.io"]
             workingDir: "/workspace"
             env:
               - name: XDG_RUNTIME_DIR
                 value: /etc/
+              - name: REGISTRY_URL
+                value: "{{ .Values.acrRegistryName }}.azurecr.io"
+              - name: STABLE_VERSIONS
+                value: "{{ .Values.stableVersions }}"
             volumeMounts:
-            - name: oc-mirror-config
-              mountPath: "/etc/oc-mirror"
-              readOnly: true
             - name: pull-secrets-updated
               mountPath: "/etc/containers"
               readOnly: true
             - name: workspace
               mountPath: "/workspace"
           volumes:
-          - name: oc-mirror-config
-            configMap:
-              name: oc-mirror-config
           - name: workspace
             emptyDir: {}
           - name: pull-secrets-updated

diff --git a/image-sync/deployment/ocmirrorCronjob/values.yaml b/image-sync/deployment/ocmirrorCronjob/values.yaml
@@ -1,4 +1,5 @@
 acrRegistryName: ""
+stableVersions: ""
 
 azureClientId: ""
 azureTenantId: ""

diff --git a/image-sync/oc-mirror/Dockerfile b/image-sync/oc-mirror/Dockerfile
@@ -1,9 +1,9 @@
-FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 AS downloader
+FROM --platform=linux/amd64 mcr.microsoft.com/cbl-mariner/base/core:2.0 AS downloader
 
 RUN set -eux; \
 # Upgrade all packages per https://eng.ms/docs/more/containers-secure-supply-chain/updating
     tdnf update -y; \
-    tdnf -y install unzip wget tar ca-certificates; \ 
+    tdnf -y install unzip wget tar ca-certificates; \
     tdnf clean all
 
 ENV OC_VERSION=4.16.3
@@ -17,19 +17,22 @@ RUN curl -sfL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VER
     tar -zvxf oc-mirror.tar.gz && \
     mv oc-mirror /usr/local/bin
 
-FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
+FROM --platform=linux/amd64 mcr.microsoft.com/cbl-mariner/base/core:2.0
 
 RUN mkdir --mode=777 /workspace; \
+    mkdir --mode=777 /config; \
     tdnf update -y; \
     tdnf -y install ca-certificates; \
     tdnf clean all
 
 WORKDIR /workspace
 
+ADD mirror.sh /usr/local/bin/mirror.sh
+
 COPY --chown=0:0 --chmod=755 --from=downloader \
     /usr/local/bin/oc-mirror \
     /usr/local/bin/oc \
     /usr/local/bin/kubectl \
     /usr/local/bin/
 
-ENTRYPOINT ["oc-mirror", "--continue-on-error", "--config", "/etc/oc-mirror/imageset-config.yml"] 
+ENTRYPOINT ["/usr/local/bin/mirror.sh"]
diff --git a/image-sync/oc-mirror/Makefile b/image-sync/oc-mirror/Makefile
@@ -9,7 +9,6 @@ OC_MIRROR_IMAGE_TAGGED ?= $(OC_MIRROR_IMAGE):$(COMMIT)
 build-push: image push
 
 image:
-	cp ../configuration/mvp-oc-mirror.yml config.yml
 	docker build --platform="linux/amd64" -f "./Dockerfile" -t ${OC_MIRROR_IMAGE_TAGGED} .
 
 push: image

diff --git a/image-sync/oc-mirror/README.md b/image-sync/oc-mirror/README.md
@@ -4,39 +4,34 @@ This container contains oc-mirror end required dependencies.
 
 ## Example usage for devarohcp
 
- * Build the container image `podman build -t oc-mirror .`
- * Alternatively, use `make image`
- * Get credentials for Openshift registries https://console.redhat.com/openshift/install/pull-secret
- * Get Azure registry credentials `az acr login -n devarohcp`
- * Run the sync using the built container
+- Build the container image `podman build -t oc-mirror .`
+- Alternatively, use `make image`
+- Get credentials for Openshift registries https://console.redhat.com/openshift/install/pull-secret
+- Get Azure registry credentials `DOCKER_COMMAND=podman az acr login --name arohcpdev`
+- Run the sync using the built container
+
+On Linux
+
 ```BASH
 podman run -it --rm --tmpfs /oc-mirror-workspace \
   -e XDG_RUNTIME_DIR=/ \
-  -v $PWD/imageset-config.yml:/imageset-config.yml:Z \
+  -e STABLE_VERSIONS=4.16,4.17 \
+  -e REGISTRY_URL=arohcpdev.azurecr.io \
   -v $HOME/.docker/config.json:/containers/auth.json:Z \
   oc-mirror \
-  oc mirror --config=/imageset-config.yml docker://devarohcp.azurecr.io --dry-run
+  --dry-run
 ```
 
-Note, the above command will run the sync in dry-run mode. To run the sync, remove the `--dry-run` flag.
+On OSX
 
-## Example configuration
-
-The following is an example of the configuration file `imageset-config.yml`.
-
-This exact configuration was used in the initial testing of the `oc-mirror` tool.
-
-```YAML
-kind: ImageSetConfiguration
-apiVersion: mirror.openshift.io/v1alpha2
-storageConfig:
-  registry:
-    imageURL: devarohcp.azurecr.io/mirror/oc-mirror-metadata
-    skipTLS: false
-mirror:
-  platform:
-    channels:
-      - name: stable-4.16
-        type: ocp
-    graph: true
+```BASH
+podman run -it --rm --tmpfs /oc-mirror-workspace \
+  -e XDG_RUNTIME_DIR=/ \
+  -e STABLE_VERSIONS=4.16,4.17 \
+  -e REGISTRY_URL=arohcpdev.azurecr.io \
+  -v $HOME/.config/containers/auth.json:/containers/auth.json:Z \
+  oc-mirror \
+  --dry-run
 ```
+
+Note, the above command will run the sync in dry-run mode. To run the sync, remove the `--dry-run` flag.
diff --git a/image-sync/oc-mirror/config.yml b/image-sync/oc-mirror/config.yml
diff --git a/image-sync/oc-mirror/imageset-config.yml b/image-sync/oc-mirror/imageset-config.yml
diff --git a/image-sync/oc-mirror/imageset-config.yml.tmpl b/image-sync/oc-mirror/imageset-config.yml.tmpl
@@ -0,0 +1,25 @@
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v1alpha2
+storageConfig:
+  registry:
+    imageURL: {{ .RegistryUrl }}/mirror/oc-mirror-metadata
+    skipTLS: false
+mirror:
+  platform:
+    architectures:
+      - multi
+      - amd64
+    channels:
+      {{- range .StableVersions }}
+      - name: stable-{{ . }}
+        type: ocp
+        full: true
+      {{- end }}
+    graph: true
+  additionalImages:
+  {{- range .StableVersions }}
+  - name: registry.redhat.io/redhat/redhat-operator-index:v{{ . }}
+  - name: registry.redhat.io/redhat/certified-operator-index:v{{ . }}
+  - name: registry.redhat.io/redhat/community-operator-index:v{{ . }}
+  - name: registry.redhat.io/redhat/redhat-marketplace-index:v{{ . }}
+  {{- end }}
diff --git a/image-sync/oc-mirror/mirror.sh b/image-sync/oc-mirror/mirror.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo ${IMAGE_SET_CONFIG} | base64 -d /config/imageset-config.yml
+/usr/local/bin/oc-mirror --continue-on-error --config /config/imageset-config.yml docker://${REGISTRY_URL} @$