Airgap Installation for OpenShift Operators

Zhimin Wen
4 min read · Mar 16, 2021

Air-gapped installation is always a challenge for OpenShift. By setting up a mirror registry and applying an ImageContentSourcePolicy resource to the cluster, we can instruct the OCI container engine to pull an image from its mirrored copy hosted in the mirror registry instead of from the original source. This takes care of the images for the cluster itself and for the apps.

There is still a third type of image to tackle in an air-gapped environment: the Operator-related images. This paper documents Operator-based installation in an air-gapped environment: the steps, the hiccups, and how they were resolved.

OpenShift manages operators through the Operator catalog.

An Operator catalog is a repository of metadata that Operator Lifecycle Manager (OLM) can query to discover and install Operators and their dependencies on a cluster.

To install an operator in an air-gapped environment, we first need to sync the operator catalog. Starting from OCP 4.6, the operator catalog is released as a container image, called an index image.

Create a custom pruned index image

Let's say we are interested only in the Red Hat operators for serverless (Knative), pipeline (Tekton), and service mesh (Istio). We can keep the operators that we are interested in and prune the rest.

First, we need to know which operators are available from the Red Hat operator provider.

On an internet-connected box, run the following index image:

podman run -p50051:50051 --name operator-index -d registry.redhat.io/redhat/redhat-operator-index:v4.7

Then download the grpcurl tool and run:

grpcurl -plaintext localhost:50051 api.Registry/ListPackages > packages.out

From the output, we know that the operators we are interested in are named:

  • servicemeshoperator
  • serverless-operator
  • openshift-pipelines-operator-rh

We then use the opm tool to create a new pruned index image. The opm tool can be downloaded from this URL with the OCP 4.7.2 release.

opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v4.7 -p…
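
Before pruning, it helps to check the chosen names against packages.out so that a misspelled operator name is caught before the index is built. The script below is an added example, not part of the original article: the function names and the sample dump are constructed, and it assumes grpcurl's JSON output with one "name" field per package. It prints the names joined by commas, the form opm's -p/--packages option takes.

```shell
#!/usr/bin/env bash
# Added example: validate an operator allowlist against the listing saved by
#   grpcurl -plaintext localhost:50051 api.Registry/ListPackages > packages.out

# Print every package name found in a ListPackages dump, one per line.
list_catalog_packages() {
  grep -o '"name":[[:space:]]*"[^"]*"' "$1" | sed 's/.*"\([^"]*\)"$/\1/' | sort -u
}

# Usage: build_prune_list <packages.out> <package>...
# Prints the wanted packages as one comma-separated list.
# Returns non-zero and prints nothing on stdout if any wanted name is absent
# from the catalog, so the mistake is caught before the prune step.
build_prune_list() {
  dump=$1; shift
  missing=""; list=""
  [ -r "$dump" ] || { echo "cannot read $dump" >&2; return 2; }
  catalog=$(list_catalog_packages "$dump")
  for pkg in "$@"; do
    # -x whole-line, -F literal: "serverless" must not match "serverless-operator"
    if printf '%s\n' "$catalog" | grep -qxF -- "$pkg"; then
      list="${list:+$list,}$pkg"
    else
      missing="$missing $pkg"
    fi
  done
  if [ -n "$missing" ]; then
    echo "not in catalog:$missing" >&2
    return 1
  fi
  printf '%s\n' "$list"
}

# Constructed sample in the shape grpcurl prints (not real catalog output).
write_sample_dump() {
  cat > "$1" <<'EOF'
{
  "name": "openshift-pipelines-operator-rh"
}
{
  "name": "serverless-operator"
}
{
  "name": "servicemeshoperator"
}
EOF
}
```

Source the script and call `build_prune_list packages.out servicemeshoperator serverless-operator openshift-pipelines-operator-rh`; a non-zero exit means at least one name is not in the catalog.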
