Uploaded image for project: 'OpenShift CFE'
  1. OpenShift CFE
  2. CFE-764

As IBM user, I'd like to be able to specify the destination of the OCI FBC catalog in ImageSetConfig

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • BU Product Work
    • 5
    • False
    • None
    • False
    • OCPSTRAT-173 - OC mirror enhancements
    • New TargetCatalog field is added in the ImageSetConfig API for Operator, will replace TargetName (deprecated) in the future to allow for modifying more than just the catalog name in the destination registry.
    • In Progress
    • CFE Sprint 232

      As IBM user, I'd like to be able to specify the destination of the OCI FBC catalog in ImageSetConfig

      So that I can control where that image is pushed to on the disconnected destination registry, because the path on disk to that OCI catalog doesn't make sense to be used in the component paths of the destination catalog.

      Expected Inputs and Outputs - Counter Proposal

      Examples provided assume that the current working directory is set to /tmp/cwdtest.

      Instead of introducing a targetNamespace which is used in combination with targetName, this counter proposal introduces a targetCatalog field which supersedes the existing targetName field (which would be marked as deprecated). Users should transition from using targetName to targetCatalog, but if both happen to be specified, the targetCatalog is preferred and targetName is ignored. Any ISC that currently uses targetName alone should continue to be used as currently defined.

      The rationale for targetCatalog is that some customers will have restrictions on where images can be placed. All IBM images always use a namespace. We therefore need a way to indicate where the CATALOG image is located within the context of the target registry... it can't just be placed in the root, so we need a way to configure this.

      The targetCatalog field consists of an optional namespace followed by the target image name, described in extended Backus–Naur form below:

      target-catalog = [namespace '/'] target-name
target-name    = path-component
namespace      = path-component ['/' path-component]*
path-component = alpha-numeric [separator alpha-numeric]*
alpha-numeric  = /[a-z0-9]+/
separator      = /[_.]|__|[-]*/

      The target-name portion of targetCatalog represents the the image name in the final destination registry, and matches the definition/purpose of the targetName field. The namespace is only used for "placement" of the catalog image into the right "hierarchy" in the target registry. The target-name portion will be used in the catalog source metadata name, the file name of the catalog source, and target image reference.

      Examples:

      • with namespace:

      targetCatalog: foo/bar/baz/ibm-zcon-zosconnect-example

      • without namespace:

      targetCatalog: ibm-zcon-zosconnect-example

      Simple Flow

      FBC image from docker registry

      Command:

      oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http docker://localhost:5000

      ISC

      /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

      kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: icr.io/cpopen/ibm-zcon-zosconnect-catalog@sha256:6f02ecef46020bcd21bdd24a01f435023d5fc3943972ef0d9769d5276e178e76

      ICSP

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

      apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/openshift4
    source: registry.redhat.io/openshift4

      CatalogSource

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-catalog.yaml

      apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-catalog
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/cpopen/ibm-zcon-zosconnect-catalog:6f02ec
  sourceType: grpc

      Simple Flow With Target Namespace

      FBC image from docker registry (putting images into a destination "namespace")

      Command:

      oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http docker://localhost:5000/foo

      ISC

      /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

      kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: icr.io/cpopen/ibm-zcon-zosconnect-catalog@sha256:6f02ecef46020bcd21bdd24a01f435023d5fc3943972ef0d9769d5276e178e76

      ICSP

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

      apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/foo/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/foo/openshift4
    source: registry.redhat.io/openshift4

      CatalogSource

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-catalog.yaml

      apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-catalog
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/foo/cpopen/ibm-zcon-zosconnect-catalog:6f02ec
  sourceType: grpc

      Simple Flow With TargetCatalog / TargetTag

      FBC image from docker registry (overriding the catalog name and tag)

      Command:

      oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http docker://localhost:5000

      ISC

      /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

      kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: icr.io/cpopen/ibm-zcon-zosconnect-catalog@sha256:6f02ecef46020bcd21bdd24a01f435023d5fc3943972ef0d9769d5276e178e76
    targetCatalog: cpopen/ibm-zcon-zosconnect-example # NOTE: namespace now has to be provided along with the 
                                                      # target catalog name to preserve the namespace in the resulting image
    targetTag: v123

      ICSP

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

      apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/openshift4
    source: registry.redhat.io/openshift4

      CatalogSource

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-example.yaml

      apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-example
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/cpopen/ibm-zcon-zosconnect-example:v123
  sourceType: grpc

      OCI Flow

      FBC image from OCI path

      In this example we're suggesting the use of a targetCatalog field.

      Command:

      oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http --use-oci-feature docker://localhost:5000

      ISC

      /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

      kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: oci:///foo/bar/baz/ibm-zcon-zosconnect-catalog/amd64 # This is just a path to the catalog and has no special meaning
    targetCatalog: foo/bar/baz/ibm-zcon-zosconnect-example # <--- REQUIRED when using OCI and optional for docker images 
                                                           #               value is used within the context of the target registry
    # targetTag: v123                                      # <--- OPTIONAL

      ICSP

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

      apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/openshift4
    source: registry.redhat.io/openshift4

      CatalogSource

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-example.yaml

      apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-example
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/foo/bar/baz/ibm-zcon-zosconnect-example:6f02ec # Example uses "targetCatalog" set to 
                                                                       # "foo/bar/baz/ibm-zcon-zosconnect-example" at the 
                                                                       # destination registry localhost:5000
  sourceType: grpc

      OCI Flow With Namespace

      FBC image from OCI path (putting images into a destination "namespace" named "abc")

      Command:

      oc mirror -c /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml --dest-skip-tls --dest-use-http --use-oci-feature docker://localhost:5000/abc

      ISC

      /Users/jhunkins/go/src/github.com/jchunkins/oc-mirror/ImageSetConfiguration.yml

      kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig: 
  local: 
    path: /tmp/localstorage
mirror: 
  operators: 
  - catalog: oci:///foo/bar/baz/ibm-zcon-zosconnect-catalog/amd64 # This is just a path to the catalog and has no special meaning
    targetCatalog: foo/bar/baz/ibm-zcon-zosconnect-example # <--- REQUIRED when using OCI and optional for docker images 
                                                           #               value is used within the context of the target registry
    # targetTag: v123                                      # <--- OPTIONAL

      ICSP

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/imageContentSourcePolicy.yaml

      apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata: 
  labels: 
    operators.openshift.org/catalog: "true"
  name: operator-0
spec: 
  repositoryDigestMirrors: 
  - mirrors: 
    - localhost:5000/abc/cpopen
    source: icr.io/cpopen
  - mirrors: 
    - localhost:5000/abc/openshift4
    source: registry.redhat.io/openshift4

      CatalogSource

      /tmp/cwdtest/oc-mirror-workspace/results-1675716807/catalogSource-ibm-zcon-zosconnect-example-catalog.yaml

      apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata: 
  name: ibm-zcon-zosconnect-example
  namespace: openshift-marketplace
spec: 
  image: localhost:5000/abc/foo/bar/baz/ibm-zcon-zosconnect-example:6f02ec # Example uses "targetCatalog" set to 
                                                                           # "foo/bar/baz/ibm-zcon-zosconnect-example" at the
                                                                           # destination registry localhost:5000/abc
  sourceType: grpc

              skhoury@redhat.com Sherine Khoury
              skhoury@redhat.com Sherine Khoury
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: