Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-4968

Test operator in cluster with restricted networking

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • 3scale Operator
    • None
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started

      Following doc: https://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.html

      consolidated instructions 

      APP_REGISTRY="rh-verified-operators"
APP_REGISTRY_ORG="rh-verified-operators"
INTERNAL_REGISTRY="registry.internal.com:5000/images"

      Internal registry url is replaced with generic

      oc adm catalog build \
    --appregistry-endpoint https://quay.io/cnr \
    --appregistry-org ${APP_REGISTRY} \
    --to="${INTERNAL_REGISTRY}/${APP_REGISTRY_ORG}:v1"

oc adm catalog mirror \
    ${INTERNAL_REGISTRY}/${APP_REGISTRY_ORG}:v1 \
    ${INTERNAL_REGISTRY}

oc apply -f ./${APP_REGISTRY_ORG}-manifests
oc image mirror -f ${APP_REGISTRY_ORG}-manifests/mapping.txt 

oc patch OperatorHub cluster --type json \
    -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'

      We only need to disable Default Sources (last command) once for the disconnected cluster . This procedure would need to be done by the operations team at setup of the cluster.
      Note: oc apply -f ./${APP_REGISTRY_ORG}-manifests command will cause recycle of the worker nodes in the OCP cluster and may take some time

      Similarly we only need to add public certificate of the internal registry ones (if it secured registry , which is recommended) 

      oc create configmap user-ca-bundle -n openshift-config \
    --from-file=ca-bundle.crt=/path/to/certificate_file.crt

oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"user-ca-bundle"}}}' --type=merge

      https://docs.openshift.com/container-platform/4.3/builds/setting-up-trusted-ca.html#configmap-adding-ca_setting-up-trusted-ca

      oc apply -f - <<EOF
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: my-operator-catalog
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: ${INTERNAL_REGISTRY}/${APP_REGISTRY_ORG}:v1
  displayName: My Operator Catalog
  publisher: grpc
EOF

      At this point it is expected that OLM will have catalog installed and operator bundles to be available for deployment.

      Install 3scale
      ----------------------
      3scale was successfully deployed. Some smoke test were run. The smoke tests were very simple. Generate some traffic and ensure it is being validated using a 3scale valid application key. All tests passed.

              eguzki Eguzki Astiz Lezaun
              eguzki Eguzki Astiz Lezaun
              Filip Čáp Filip Čáp (Inactive)
              Eguzki Astiz Lezaun Eguzki Astiz Lezaun
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: