Light

xcliu-ca / rosa-icsp-gps Goto Github PK

View Code? Open in Web Editor NEW

0.0 1.0 1.0 62 KB

rosa with hosted control plan enables imagecontentsourcepolicy and global pull secret

Dockerfile 1.99% JavaScript 31.52% Shell 66.49%

rosa-icsp-gps's Introduction

Syncing global pull secret and image content source policy in ROSA with hosted control plane

Global Pull Secret is supported but does not sync to nodes

oc -n openshift-config get secret pull-secret -o jsonpath="{.data.\.dockerconfigjson}" | base64 -d | jq
oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=dockerconfig.json
should be synced to worker:/var/lib/kubelet/config.json
worker nodes reboot needed

Image Content Source Policy | Image Digest Mirror Set is supported but does not sync to nodes

oc get imagecontentsourcepolicy -o yaml | oc get imagedigestmirrorset -o yaml
should be synced to worker:/etc/containers/registries.conf
worker nodes reboot required

Solution

deploy a deamonset to run on worker nodes
the container mount worker filesystem
the container sychronizes Global Pull Secret to disk
the container sychronizes Image Content Source Policy | Image Digest Mirror Set to disk
worker reboot attempted

Benefit

easy with a daemonset deploy
no difference thereafter with regular openshift env see current limits
flexible (no pre-defined staff)

Steps

have oc cli available
have oc configured
~~export your AWS access key and secret key export AWS_ACCESS_KEY=replace-with-your-access-key; export AWS_SECRET_ACCESS_KEY=replace-with-your-secret-key~~
~~[if prompted] export your rosa cluster region information export AWS_REGION=replace-with-cluster-region~~
install daemonset by executing script ./enabler.sh (it also create CRD/machineconfig if not present)
treat rosa with hosted control plane no difference with other openshift env

current limit

rosa with hosted control plane revert its default secret/pull-secret, so use secret/pull-secret-hcp for now
rosa with hosted control plane reverts its default imagecontentsourcepolicy/cluster, so create new imagecontentsourcepolicy | imagedigestmirrorset items
~~cluster nodes should be in the same aws region (for rebooting)~~

rosa-icsp-gps's People

Contributors

Watchers

Forkers

rm3l

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.