Customer Problem: OpenShift clusters are usually production environments that are all running without direct internet connectivity. Quay is preferably installed of an OpenShift cluster. At the same time Quay is a pre-requisite to install OpenShift in a disconnected environment which results in a chicken/egg problem. Customers want a supported and easy way to install OpenShift clusters and production Quay instances within air-gapped environments.

Goal: Make seeding the installation content for Quay and OpenShift trivial via automation and support for offline-media.

Why is this important: Many customers run with an actual air-gap between their network perimeter and production clusters. That is, there is no system that has physical network access to a DMZ and the production clusters. Any content transfer happens with offline media. Assembling this offline transfer is a tedious and manual task that every customer has to learn from scratch and built their own automation around it.

How does the ideal solution look like: A customer in a highly regulated industry (health care, FSI, Government) can install a mirroring appliance on a server node at the network perimeter. The mirroring appliance is a canned, simplistic quay deployment pre-configured to continuously mirror the entire release payload of Quay, OpenShift and OperatorHub, given a certain release or range or releases. After startup and the initial mirroring is automatically started. Mirroring is continuously happening to receive z-stream updates. A UI and/or CLI can be used to reason about the mirroring progress and content. In the case of an air-gap the mirrored content can be exported to disk and a second mirroring appliance can be stood up in the internal network, which is then configured create a mirror from a disk location which is populated with offline media from the first mirror. In case there is no air-gap the initial mirroring appliance will be used as a source for install and subsequent updates of OCP and Quay. This way release payload is constantly mirrored and made available securely to disconnected clusters.

Prioritized deliverables:

• all-in-one scripted installer that minimally deploys Quay and enables Mirroring on a single RHEL machine
• integrated mirroring of all OpenShift, OperatorHub and Quay release content, given a certain version
• all-in-one installer which automatically configures mirroring of above content right after Quay deployment finishes
• the ability to mirror to and from disk continuously