oc-mirror
is an OpenShift Client (oc) plugin that manages OpenShift release, operator catalog, helm charts, and associated container images for mirror registries that support OpenShift environments.
The mirror registry reg.mirror.com
is used in this example.
Replace this value with a real registry host, or create a docker.io/library/registry:2
container locally.\
DISCLAIMER:
oc-mirror
is not compatible with Quay below version 3.6.
Example configurations can be found in the docs here
~/.docker/config.json
1.
make build
IMPORTANT: Backends must be configured to utilize the lifecycle management features of
oc-mirror
. Examples are below.apiVersion: mirror.openshift.io/v1alpha2 kind: ImageSetConfiguration archiveSize: 1 storageConfig: local: path: /home/user/workspace
apiVersion: mirror.openshift.io/v1alpha2 kind: ImageSetConfiguration storageConfig: registry: imageURL: localhost:5000/metadata:latest skipTLS: true
Lifecycle Management
There is a common misconception that oc-mirror is only a container image mirroring utility. This is partially accurate. In addition to image mirroring, oc-mirror optionally performs content deletions from mirror registries. When content is added to an imageset configuration, that content is published to a mirror registry. When content is removed from an imageset configuration, that content is removed from the mirror registry. This ensures that content is safely removed from the mirror registry when the user specifies.
If a user does not desire content removal from a mirror registry, they can either not remove that content from their imageset configuration or they can publish using a registry account that does not have permissions to perform content deletions. If a user chooses to disallow pruning using an account without permission to perform deletions, the --continue-on-error
flag must be used in conjunction with the publishing operation to the mirror registry.
oc-mirror
run
./bin/oc-mirror list updates imageset-config.yaml
./bin/oc-mirror list releases --version=4.9
./bin/oc-mirror list releases --channels --version=4.9
./bin/oc-mirror list releases --channel=fast-4.9
./bin/oc-mirror list operators --catalogs --version=4.9
./bin/oc-mirror list operators --catalog=catalog-name
./bin/oc-mirror list operators --catalog=catalog-name --package=package-name
./bin/oc-mirror list operators --catalog=catalog-name --package=package-name --channel=channel-name
Note: These workflows are compatible and can be used interchangeably for the same mirror registry.
Note: oc-mirror metadata is always stored where specified by the user and in an expected location managed by oc-mirror (always "registry/namespace/oc-mirror:UUID). This allows a user to seamlessly switch between a fully-disconnected workflow and a partially disconnected workflow.
./bin/oc-mirror --config imageset-config.yaml file://archives
./bin/oc-mirror --from /path/to/archives docker://reg.mirror.com
./bin/oc-mirror --config imageset-config.yaml docker://localhost:5000
describe
./bin/oc-mirror describe /path/to/archives
./bin/oc-mirror list updates imageset-config.yaml
For configuration and options, see the expanded overview and usage docs.
1 For this example, the create
and publish
steps are run on the same machine. Therefore your ~/.docker/config.json
or ${XDG_RUNTIME_DIR}/containers/auth.json
should contain auth config for both release/catalog source images and your mirror registry.
See the config spec for an in-depth description of fields.
Note: The imageset-config.yaml
is only used during bundle creation.
go
version 1.17+make
./bin/oc-mirror -h
Note: Using oc-mirror init
with local builds may result in unexpected release channel names.
Unit:
make test-unit
E2E:
make test-e2e