-
Epic
-
Resolution: Unresolved
-
Blocker
-
1.9.0
-
None
-
Support pulling index + plugins from registry.redhat.io within a container
-
False
-
-
False
-
-
To Do
-
RHDHPLAN-232 - Productization: Plugin Catalog / Extensions Marketplace (1.9)
-
QE Needed, Docs Needed, TE Needed, Customer Facing, PX Needed
-
73% To Do, 18% In Progress, 9% Done
-
Known Issue
-
-
EPIC Goal
What are we trying to solve here?
RHDH container cannot use skopeo to pull from reg.rhio as it requires authentication and doesn't easily share auth with the authentication that Openshift uses natively to pull from reg.rh.io
So rather than forcing customers to treat their OCP like it's k8s and inject another secret (as we'll document in RHDHBUGS-2494), we're looking at a solution that will:
- generate ImageStreams (OCP-only) for each of the referenced containers on reg.rh.io
- convert the index image to a runnable container which can deploy those ImageStreams in an init container (oc apply ...)
- implement mapping rules in a registries.conf file in the RHDH deployment so that when skopeo inspects or pulls an image, it uses the cluster's internal container registry via the associated ImageStreams
- ensure that the RHDH container does a skopeo login using an authfile so it has pull permission on the reg.rh.io
- is related to
-
RHIDP-11492 [Docs] Add registry auth secret for init container (skopeo) on non-OCP platforms
-
- Refinement
-
-
-
- Closed
-
- is triggered by
-
RHDHBUGS-2485 Init container won't start as it won't be able to pull official catalog index image/OCI plugins from registry.redhat.io without explicit auth on OCP (unlike image pulls by cluster nodes)
-
- In Progress
-
- relates to
-
-
- New
-
