Using ImageDigestMirrorSet (IDMS) in RHOCP 4

This article explains what IDMS is and how to create it in RHOCP 4.13 and above.

What is an IDMS?

Using an ImageContentSourcePolicy (ICSP) object to configure repository mirroring is deprecated as of v4.13. ICSP objects are being replaced by ImageDigestMirrorSet (IDMS) and ImageTagMirrorSet (ITMS) objects to configure repository mirroring.

Is it possible to use IDMS in install-config.yaml (pre-installation)?

No. Generation of IDMS and ITMS is not yet implemented in oc-mirror and the OpenShift installer.

The related improvements for oc-mirror are tracked in CFE#812.

How to create IDMS in OCP v4.13 and above?

Convert ImageContentSourcePolicy YAML files to ImageDigestMirrorSet YAML files to use IDMS.

Steps to convert an ICSP YAML file to an IDMS YAML file

  • Ensure that the ICSP objects are present in the cluster using the command below:
$ oc get ImageContentSourcePolicy
NAME             AGE
image-policy-0   3d2h
image-policy-1   3d2h
  • Run the commands below to get the YAML output of each ImageContentSourcePolicy object in turn, saving each output to a new file with the .yaml extension.
$ oc get ImageContentSourcePolicy image-policy-0 -o yaml > icsp0.yaml
$ oc get ImageContentSourcePolicy image-policy-1 -o yaml > icsp1.yaml


$ cat icsp0.yaml

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  creationTimestamp: "YYYY-MM-DDTHH:MM:SSZ"
  generation: 1
  name: image-policy-0
  resourceVersion: "1105"
  uid: c0cd0364-e19d-4029-8b43-bf09e9d7f2ec
spec:
  repositoryDigestMirrors:
  - mirrors:
    - <mirror-registry>/openshift/release
    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
  • Use the command below to convert one or more ICSP YAML files to IDMS YAML files.
$ oc adm migrate icsp <file_name>.yaml <file_name>.yaml <file_name>.yaml --dest-dir <path_to_the_directory>

Here file_name specifies the name of the source ImageContentSourcePolicy YAML file, and --dest-dir (optional) specifies a directory for the output ImageDigestMirrorSet YAML. If unset, the file is written to the current directory.

For example, the following command converts the icsp0.yaml and icsp1.yaml files and saves the new YAML files to the idms-files directory.

$ oc adm migrate icsp icsp0.yaml icsp1.yaml --dest-dir idms-files
wrote ImageDigestMirrorSet to idms-files/imagedigestmirrorset_image-policy-0.3934365192161207442.yaml
wrote ImageDigestMirrorSet to idms-files/imagedigestmirrorset_image-policy-1.7414808166559838133.yaml

  • Before creating IDMS, delete the ImageContentSourcePolicy objects present in the cluster. Wait for Machine Config updates to complete and MCPs to stabilize. All the pods will restart and some will be in ImagePullBackOff. (Starting with 4.13.27, the ICSPs are not required to be deleted as they can coexist with IDMS & ITMS)
$ oc delete ImageContentSourcePolicy image-policy-0 image-policy-1
imagecontentsourcepolicy.operator.openshift.io "image-policy-0" deleted
imagecontentsourcepolicy.operator.openshift.io "image-policy-1" deleted
  • Now create the ImageDigestMirrorSet (IDMS) object by running the following command:
$ oc create -f <path_to_the_directory>/<file-name>.yaml

Here path_to_the_directory specifies the path to the output directory (if the --dest-dir flag was used), and file_name specifies the name of the ImageDigestMirrorSet YAML file.

For example, the commands below create the ImageDigestMirrorSet objects from the generated YAML files in the idms-files directory. Wait for Machine Config updates to complete and MCPs to stabilize. All the pods in ImagePullBackOff will return to the Running state.

$ oc create -f idms-files/imagedigestmirrorset_image-policy-0.3934365192161207442.yaml
imagedigestmirrorset.config.openshift.io/image-policy-0 created

$ oc create -f idms-files/imagedigestmirrorset_image-policy-1.7414808166559838133.yaml
imagedigestmirrorset.config.openshift.io/image-policy-1 created
  • Now check the ImageDigestMirrorSet objects present in the cluster.
$ oc get idms
NAME             AGE
image-policy-0   14m
image-policy-1   13m

Note: Ensure that the user is logged in with cluster-admin role.
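
A check worth running before the ICSP objects are deleted is that every source/mirror pair they configure is also present in the generated IDMS files. The script below is an added example, not part of the original article and not the code of oc adm migrate icsp: it assumes the objects are available as JSON (oc get ... -o json) and that spec.repositoryDigestMirrors in an ICSP corresponds to spec.imageDigestMirrors in a config.openshift.io/v1 IDMS. The function names are hypothetical.

```python
import json

# Constructed sample: image-policy-0 from the article in JSON form
# (as from `oc get ... -o json`), server-managed metadata omitted.
ICSP = json.loads("""
{"apiVersion": "operator.openshift.io/v1alpha1",
 "kind": "ImageContentSourcePolicy",
 "metadata": {"name": "image-policy-0"},
 "spec": {"repositoryDigestMirrors": [
   {"mirrors": ["<mirror-registry>/openshift/release"],
    "source": "quay.io/openshift-release-dev/ocp-v4.0-art-dev"}]}}
""")

def icsp_to_idms(icsp):
    """Build the ImageDigestMirrorSet equivalent of one ICSP object (assumed mapping)."""
    if icsp.get("kind") != "ImageContentSourcePolicy":
        raise ValueError("not an ImageContentSourcePolicy: %r" % icsp.get("kind"))
    entries = icsp.get("spec", {}).get("repositoryDigestMirrors") or []
    return {
        "apiVersion": "config.openshift.io/v1",
        "kind": "ImageDigestMirrorSet",
        # Only the name is carried over; uid, resourceVersion and the
        # other server-managed fields are assigned again on create.
        "metadata": {"name": icsp["metadata"]["name"]},
        "spec": {"imageDigestMirrors": [
            {"source": e["source"], "mirrors": list(e.get("mirrors") or [])}
            for e in entries]},
    }

def mirror_pairs(objs, field):
    """All (source, mirror) pairs found under spec.<field> of the given objects."""
    return {(e["source"], m)
            for o in objs
            for e in o.get("spec", {}).get(field) or []
            for m in e.get("mirrors") or []}

def missing_in_idms(icsps, idmss):
    """Pairs configured by ICSP objects that no IDMS object covers."""
    want = mirror_pairs(icsps, "repositoryDigestMirrors")
    have = mirror_pairs(idmss, "imageDigestMirrors")
    return sorted(want - have)

if __name__ == "__main__":
    print(json.dumps(icsp_to_idms(ICSP), indent=2))
    # An empty list means every ICSP mirror is still configured after migration.
    print("uncovered:", missing_in_idms([ICSP], [icsp_to_idms(ICSP)]))
```

A non-empty result from missing_in_idms lists mirrors that would stop being used once the ICSP objects are removed.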
