OpenShift 4.10 Image Mirroring for Airgap Environment

Zhimin Wen
7 min readMay 12, 2022
Image by Cock-Robin from Pixabay

OpenShift 4.10 has brought in some new features to streamline the installation of airgap/disconnected environment for the platform’s images, the operator’s images, and other normal images. Let's check it out.

A Mirror Registry with Red Hat Quay

A small-scale Quay can be set up on a Redhat Linux server with a single command-line tool, mirror-registry , such as

sudo ./mirror-registry install --quayRoot /mirror-registry --quayHostname mirror-registry.dev-ocp410.ibmcloud.io.cpak

With the Podman prerequisites, the mirror-registry package self contains the required container images for Quay. Supply the root directory, and the fully qualified hostname, the command line will set up the Quay registry on port 8443 with the initial username and password shown on the stdout. Note down it and you can log on to the Quay Web console.

Quay with container image populated.

If we check the containers, we can find quay-app, quay-redis, and quay-postgres respectively.

$ sudo podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
545017b78cc3 registry.access.redhat.com/ubi8/pause:latest 2 days ago Up 2 days ago 0.0.0.0:8443->8443/tcp 18f367263971-infra
a459b415ff5a registry.redhat.io/rhel8/postgresql-10:1-161 run-postgresql 2 days ago Up 2 days ago 0.0.0.0:8443->8443/tcp quay-postgres
57024a204565 registry.redhat.io/rhel8/redis-6:1-25 run-redis 2 days ago Up 2 days ago 0.0.0.0:8443->8443/tcp quay-redis
2f6dabdd71b0 registry.redhat.io/quay/quay-rhel8:v3.6.4 registry 2 days ago Up 2 days ago 0.0.0.0:8443->8443/tcp quay-app

The data and configuration are store in the quayRoot defined when we run the command line installer,

$ ls /mirror-registry
pg-data quay-config quay-rootCA quay-storage

We will need the self-signed certificate in the quay-rootCA/ folder later.

Mirror settings for platform images

--

--