Open durera opened 2 months ago
Side note: if you plan to migrate OpenShift image mirroring support as well, we also need to create an ImageTagMirrorSet. Some of the images (like node debug, for example) are pulled by tag, not by digest. With the use of ImageDigestMirrorSet, such pods will fail.
Feature and motivation
ImageContentSourcePolicies (ICSP) are the key artifact powering disconnected installations; however, they have been deprecated since OCP 4.13. ImageDigestMirrorSet (IDMS) is the replacement technology, and it's a fairly simple conversion from one to the other.
IDMS are supported from OCP 4.13 onwards, so we needed to wait for OCP 4.12 end of life to avoid needing to dual support both technologies. That date has now passed, and we should handle this before it becomes a time-critical problem that will block support of a new OCP release, given our objective to support new releases within 30 days.
There is no announced date on when ICSP will be removed, and generally we find out at very short notice, so we must not wait until after we hear that ICSP has been removed from an OCP release to take action.
The action required is two-fold:
Obviously there will be accompanying documentation updates as well.
When implementing the IDMS, be sure to use the NeverContactSource mirrorSourcePolicy, as this represents the behavior our customers expect.
For more information refer to https://docs.openshift.com/container-platform/4.13/openshift_images/image-configuration.html
Although this is mostly being driven by currency concerns (avoiding this being a blocker for support of a future OCP release when ICSP are removed), multiple customers have indirectly asked for this work to be done; they want the functionality that the migration to IDMS enables, whereby OpenShift changes from only using mirrors as a fallback after failing to contact the source registry to using mirrors in the first instance and never even attempting to reach the source registry. Many have assumed that's how it worked, and we have had multiple support tickets where confused customers didn't understand why images were still coming from ICR instead of their mirror, so this brings multiple benefits.
Usage example
This enhancement will apply to all future disconnected installs of MAS
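
The ICSP-to-IDMS conversion described in this issue, as an added example (not code from the issue or from the project): it sets `mirrorSourcePolicy: NeverContactSource` on every rule and also emits an ImageTagMirrorSet for tag-pulled images, as the side note asks. The function names, the sample manifest and the registry host names are assumptions made for illustration.

```python
import copy
import json

# Constructed sample ICSP; registry host names are placeholders, not values from the issue.
SAMPLE_ICSP = {
    "apiVersion": "operator.openshift.io/v1alpha1",
    "kind": "ImageContentSourcePolicy",
    "metadata": {"name": "example-mirror"},
    "spec": {"repositoryDigestMirrors": [
        {"source": "source.example.com/team",
         "mirrors": ["mirror.example.internal:5000/team"]},
    ]},
}

POLICIES = ("NeverContactSource", "AllowContactingSource")


def _mirror_set(kind, field, name, entries):
    """Build one config.openshift.io/v1 mirror-set manifest (hypothetical helper)."""
    return {"apiVersion": "config.openshift.io/v1", "kind": kind,
            "metadata": {"name": name},
            "spec": {field: copy.deepcopy(entries)}}


def convert_icsp(icsp, policy="NeverContactSource", with_tag_mirrors=True):
    """Convert one ICSP dict to an IDMS and, optionally, a matching ITMS."""
    if icsp.get("kind") != "ImageContentSourcePolicy":
        raise ValueError("input is not an ImageContentSourcePolicy")
    if policy not in POLICIES:
        raise ValueError(f"unknown mirrorSourcePolicy: {policy}")
    entries = []
    for rule in icsp.get("spec", {}).get("repositoryDigestMirrors", []):
        if not rule.get("mirrors"):
            # Choice made for this example: never emit a rule without a mirror.
            raise ValueError(f"no mirrors listed for {rule.get('source')}")
        entries.append({"source": rule["source"],
                        "mirrors": list(rule["mirrors"]),
                        "mirrorSourcePolicy": policy})
    name = icsp["metadata"]["name"]
    manifests = [_mirror_set("ImageDigestMirrorSet", "imageDigestMirrors", name, entries)]
    if with_tag_mirrors:
        # Same rules again for images that are pulled by tag rather than by digest.
        manifests.append(_mirror_set("ImageTagMirrorSet", "imageTagMirrors", name, entries))
    return manifests


if __name__ == "__main__":
    print(json.dumps(convert_icsp(SAMPLE_ICSP), indent=2))
```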