XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Story Points:
5
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
OC mirror OCI FBC GA
Feature Link:
OCPSTRAT-173 - OC mirror enhancements
Release Note Text:
New TargetCatalog field is added in the ImageSetConfig API for Operator, will replace TargetName (deprecated) in the future to allow for modifying more than just the catalog name in the destination registry.
Release Note Status:
In Progress

Sprint:
CFE Sprint 232
RICE Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

As IBM user, I'd like to be able to specify the destination of the OCI FBC catalog in ImageSetConfig

So that I can control where that image is pushed to on the disconnected destination registry, because the path on disk to that OCI catalog doesn't make sense to be used in the component paths of the destination catalog.

Expected Inputs and Outputs - Counter Proposal

Examples provided assume that the current working directory is set to /tmp/cwdtest.

Instead of introducing a targetNamespace which is used in combination with targetName, this counter proposal introduces a targetCatalog field which supersedes the existing targetName field (which would be marked as deprecated). Users should transition from using targetName to targetCatalog, but if both happen to be specified, the targetCatalog is preferred and targetName is ignored. Any ISC that currently uses targetName alone should continue to be used as currently defined.

The rationale for targetCatalog is that some customers will have restrictions on where images can be placed. All IBM images always use a namespace. We therefore need a way to indicate where the CATALOG image is located within the context of the target registry... it can't just be placed in the root, so we need a way to configure this.

The targetCatalog field consists of an optional namespace followed by the target image name, described in extended Backus–Naur form below:

target-catalog = [namespace '/'] target-name
target-name    = path-component
namespace      = path-component ['/' path-component]*
path-component = alpha-numeric [separator alpha-numeric]*
alpha-numeric  = /[a-z0-9]+/
separator      = /[_.]|__|[-]*/

The target-name portion of targetCatalog represents the the image name in the final destination registry, and matches the definition/purpose of the targetName field. The namespace is only used for "placement" of the catalog image into the right "hierarchy" in the target registry. The target-name portion will be used in the catalog source metadata name, the file name of the catalog source, and target image reference.

Examples:

with namespace:

targetCatalog: foo/bar/baz/ibm-zcon-zosconnect-example

without namespace:

targetCatalog: ibm-zcon-zosconnect-example

Simple Flow

FBC image from docker registry

Command:

oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http docker://localhost:5000

ISC

/Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: icr.io/cpopen/ibm-zcon-zosconnect-catalog@sha256:6f02ecef46020bcd21bdd24a01f435023d5fc3943972ef0d9769d5276e178e76

ICSP

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/openshift4
    source: registry.redhat.io/openshift4

CatalogSource

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-catalog.yaml

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-catalog
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/cpopen/ibm-zcon-zosconnect-catalog:6f02ec
  sourceType: grpc

Simple Flow With Target Namespace

FBC image from docker registry (putting images into a destination "namespace")

Command:

oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http docker://localhost:5000/foo

ISC

/Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: icr.io/cpopen/ibm-zcon-zosconnect-catalog@sha256:6f02ecef46020bcd21bdd24a01f435023d5fc3943972ef0d9769d5276e178e76

ICSP

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/foo/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/foo/openshift4
    source: registry.redhat.io/openshift4

CatalogSource

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-catalog.yaml

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-catalog
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/foo/cpopen/ibm-zcon-zosconnect-catalog:6f02ec
  sourceType: grpc

Simple Flow With TargetCatalog / TargetTag

FBC image from docker registry (overriding the catalog name and tag)

Command:

oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http docker://localhost:5000

ISC

/Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: icr.io/cpopen/ibm-zcon-zosconnect-catalog@sha256:6f02ecef46020bcd21bdd24a01f435023d5fc3943972ef0d9769d5276e178e76
    targetCatalog: cpopen/ibm-zcon-zosconnect-example # NOTE: namespace now has to be provided along with the 
                                                      # target catalog name to preserve the namespace in the resulting image
    targetTag: v123

ICSP

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/openshift4
    source: registry.redhat.io/openshift4

CatalogSource

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-example.yaml

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-example
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/cpopen/ibm-zcon-zosconnect-example:v123
  sourceType: grpc

OCI Flow

FBC image from OCI path

In this example we're suggesting the use of a targetCatalog field.

Command:

oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http --use-oci-feature docker://localhost:5000

ISC

/Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: oci:///foo/bar/baz/ibm-zcon-zosconnect-catalog/amd64 # This is just a path to the catalog and has no special meaning
    targetCatalog: foo/bar/baz/ibm-zcon-zosconnect-example # <--- REQUIRED when using OCI and optional for docker images 
                                                           #               value is used within the context of the target registry
    # targetTag: v123                                      # <--- OPTIONAL

ICSP

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/openshift4
    source: registry.redhat.io/openshift4

CatalogSource

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-example.yaml

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-example
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/foo/bar/baz/ibm-zcon-zosconnect-example:6f02ec # Example uses "targetCatalog" set to 
                                                                       # "foo/bar/baz/ibm-zcon-zosconnect-example" at the 
                                                                       # destination registry localhost:5000
  sourceType: grpc

OCI Flow With Namespace

FBC image from OCI path (putting images into a destination "namespace" named "abc")

Command:

oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http --use-oci-feature docker://localhost:5000/abc

ISC

/Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: oci:///foo/bar/baz/ibm-zcon-zosconnect-catalog/amd64 # This is just a path to the catalog and has no special meaning
    targetCatalog: foo/bar/baz/ibm-zcon-zosconnect-example # <--- REQUIRED when using OCI and optional for docker images 
                                                           #               value is used within the context of the target registry
    # targetTag: v123                                      # <--- OPTIONAL

ICSP

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/abc/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/abc/openshift4
    source: registry.redhat.io/openshift4

CatalogSource

/tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-example-catalog.yaml

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-example
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/abc/foo/bar/baz/ibm-zcon-zosconnect-example:6f02ec # Example uses "targetCatalog" set to 
                                                                           # "foo/bar/baz/ibm-zcon-zosconnect-example" at the
                                                                           # destination registry localhost:5000/abc
  sourceType: grpc

Attachments

Issue Links

split from

CFE-761 Improve user experience of oc-mirror with the OCI FBC feature

Closed

links to

openshift/oc-mirror#565: CFE-764 : Introduce v1alpha2.Operator.TargetCatalog

openshift/oc-mirror#568: First pass for multi architecture catalogs

openshift/oc-mirror#576: targetCatalog with OCI source catalog results in error: unable to parse reference oci://<targetCatalog>

Activity

People

Assignee:: Sherine Khoury

Reporter:: Sherine Khoury

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023/02/08 5:37 PM

Updated:: 2023/03/09 9:18 PM

Resolved:: 2023/02/28 3:51 PM