IBM Support

Cloud Pak for Security: Configure a local clone to point to an air-gapped installation

How To


Summary

How does an administrator configure their offline or disconnected cluster to point to the local operator hub clone on a Red Hat® OpenShift Container Platform® (RHOCP)?

Objective

IBM Cloud Pak solutions sometimes need to be installed in an air-gapped environment. The term air-gapped refers to environments that are offline or disconnected from the internet. An air-gapped installation requires that you enable the IBM operator catalog to imitate an online installation by using images in your own registry. This article explains how to configure an air-gapped installation.

Steps

Before you begin
  1. Log in to the RHOCP as kubeadmin / admin.
    oc login https://<IP address or fully qualified host domain name>:6443
  2. Change to the default project.
    oc project default
  3. Patch the operator hub to disable the default sources.
    oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
  4. Navigate to the registry clone manifest index.
    cd /root/registry-clone/manifests-redhat-operator-index-<index value>
    Note: The index was created during the step where you created a mirror Operator hub.
  5. Apply the catalogSource.yaml and imageContentSourcePolicy.yaml files that were created by the mirroring process.
    oc apply -f catalogSource.yaml
    oc apply -f imageContentSourcePolicy.yaml
    Note: You need to wait for the nodes to recycle or reboot.
  6. Verify that all nodes are restarted and in a ready state.
    watch oc get nodes
  7. Verify the Operator Hub is patched successfully.
    [root@cp4s-sse-service manifests-redhat-operator-index-<Index number>]# oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
    operatorhub.config.openshift.io/cluster patched
  8. Verify the catalogSource.yaml is applied successfully.
    [root@cp4s-sse-service manifests-redhat-operator-index-<Index number>]# oc apply -f catalogSource.yaml
    catalogsource.operators.coreos.com/redhat-operator-index created
  9. Verify the imageContentSourcePolicy.yaml is applied successfully.
    [root@cp4s-sse-service manifests-redhat-operator-index-<Index number>]# oc apply -f imageContentSourcePolicy.yaml
    imagecontentsourcepolicy.operator.openshift.io/redhat-operator-index created
  10. Verify that the pods are running.
    [root@cp4s-sse-service manifests-redhat-operator-index-<Index number>]# oc get pods -n openshift-marketplace
    NAME                                    READY   STATUS    RESTARTS   AGE
    marketplace-operator-549b8565b7-4rjnt   1/1     Running   0          96m
    redhat-operator-index-t6jfx             1/1     Running   0          57s
  11. Verify that the catalog source is published.
    [root@cp4s-sse-service manifests-redhat-operator-index-<Index number>]# oc get catalogsource -n openshift-marketplace
    NAME                    DISPLAY   TYPE   PUBLISHER   AGE
    redhat-operator-index             grpc               115s
  12. Verify the index package manifests.
    [root@cp4s-sse-service manifests-redhat-operator-index-<Index number>]# oc get packagemanifest -n openshift-marketplace
    NAME                                   CATALOG   AGE
    openshift-gitops-operator                        2m38s
    serverless-operator                              2m38s
    awx-resource-operator                            2m38s
    container-security-operator                      2m38s
    openshift-pipelines-operator-rh                  2m38s
    amq-streams                                      2m38s
    file-integrity-operator                          2m38s
    submariner                                       2m38s
    quay-operator                                    2m38s
    mtc-operator                                     2m38s
    3scale-operator                                  2m38s
    amq-broker                                       2m38s
    amq-broker-rhel8                                 2m38s
    service-telemetry-operator                       2m38s
    red-hat-camel-k                                  2m38s
    jaeger-product                                   2m38s
    rhacs-operator                                   2m38s
    jws-operator                                     2m38s
    nfd                                              2m38s
    clusterresourceoverride                          2m38s
    fuse-console                                     2m38s
    web-terminal                                     2m38s
    ptp-operator                                     2m38s
    eap                                              2m38s
    compliance-operator                              2m38s
    servicemeshoperator                              2m38s
    advanced-cluster-management                      2m38s
    gatekeeper-operator-product                      2m38s
    ansible-automation-platform-operator             2m38s
    kubevirt-hyperconverged                          2m38s
    integration-operator                             2m38s
    metering-ocp                                     2m38s
    fuse-online                                      2m38s
    service-registry-operator                        2m38s
    codeready-workspaces                             2m38s
    amq-broker-lts                                   2m38s
    amq7-interconnect-operator                       2m38s
    rhpam-kogito-operator                            2m38s
    amq7-cert-manager-operator                       2m38s
    windows-machine-config-operator                  2m38s
    cincinnati-operator                              2m38s
    local-storage-operator                           2m38s
    elasticsearch-operator                           2m38s
    apicast-operator                                 2m38s
    datagrid                                         2m38s
    klusterlet-product                               2m38s
    cluster-logging                                  2m38s
    vertical-pod-autoscaler                          2m38s
    costmanagement-metrics-operator                  2m38s
    smart-gateway-operator                           2m38s
    rh-service-binding-operator                      2m38s
    performance-addon-operator                       2m38s
    kiali-ossm                                       2m38s
    amq-online                                       2m38s
    skupper-operator                                 2m38s
    businessautomation-operator                      2m38s
    ocs-operator                                     2m38s
    sriov-network-operator                           2m38s
    fuse-apicurito                                   2m38s
    rhsso-operator                                   2m38s
    cluster-kube-descheduler-operator                2m38s
    quay-bridge-operator                             2m38s
    openshift-jenkins-operator                       2m38s
  13. Verify that the controllers are running.
    [root@cp4s-sse-service manifests-redhat-operator-index-<Index number>]# oc get co
    NAME                                       VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
    authentication                             4.6.18    True        False         False      96m
    cloud-credential                           4.6.18    True        False         False      2d11h
    cluster-autoscaler                         4.6.18    True        False         False      2d11h
    config-operator                            4.6.18    True        False         False      2d11h
    console                                    4.6.18    True        False         False      98m
    csi-snapshot-controller                    4.6.18    True        False         False      102m
    dns                                        4.6.18    True        False         False      2d11h
    etcd                                       4.6.18    True        False         False      2d11h
    image-registry                             4.6.18    True        False         False      2d11h
    ingress                                    4.6.18    True        False         False      2d11h
    insights                                   4.6.18    True        False         False      2d11h
    kube-apiserver                             4.6.18    True        False         False      2d11h
    kube-controller-manager                    4.6.18    True        False         False      2d11h
    kube-scheduler                             4.6.18    True        False         False      2d11h
    kube-storage-version-migrator              4.6.18    True        False         False      96m
    machine-api                                4.6.18    True        False         False      2d11h
    machine-approver                           4.6.18    True        False         False      2d11h
    machine-config                             4.6.18    True        False         False      2d11h
    marketplace                                4.6.18    True        False         False      3m
    monitoring                                 4.6.18    True        False         False      2d11h
    network                                    4.6.18    True        False         False      2d11h
    node-tuning                                4.6.18    True        False         False      2d11h
    openshift-apiserver                        4.6.18    True        False         False      2d11h
    openshift-controller-manager               4.6.18    True        False         False      2d11h
    openshift-samples                          4.6.18    True        False         False      2d11h
    operator-lifecycle-manager                 4.6.18    True        False         False      2d11h
    operator-lifecycle-manager-catalog         4.6.18    True        False         False      2d11h
    operator-lifecycle-manager-packageserver   4.6.18    True        False         False      99m
    service-ca                                 4.6.18    True        False         False      2d11h
    storage                                    4.6.18    True        False         False      2d11h
  14. Log in to the RHOCP Admin UI and ensure that the OperatorHub is populated with the operators.

    Results
    If you can log in to the RHOCP Admin UI with no errors, the OperatorHub repointing is completed.
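
The checks in steps 6, 10 and 13 can be scripted instead of read by eye. The following is an added example, not part of the IBM article: the function names (check_nodes, check_pods, check_operators, verify_cluster) and the sample tables are constructed for illustration, and the column positions assume the `oc` output layout shown in the steps above.

```shell
#!/usr/bin/env bash
# Added example (not IBM's code): gates for the verification steps above.
# Each check reads `oc get ...` table output on stdin, prints the offending
# rows, and fails if any row is unhealthy or if there are no rows at all
# (an `oc` error must not look like success).

check_nodes() {      # healthy only when STATUS is exactly "Ready"
  awk 'NR > 1 { n++; if ($2 != "Ready") { print $1, $2; bad = 1 } }
       END { exit (bad || n == 0) }'
}

check_pods() {       # STATUS is Running and READY shows x/y with x == y
  awk 'NR > 1 { n++; split($2, r, "/")
                if ($3 != "Running" || r[1] != r[2]) { print $1, $3; bad = 1 } }
       END { exit (bad || n == 0) }'
}

check_operators() {  # AVAILABLE=True, PROGRESSING=False, DEGRADED=False
  awk 'NR > 1 { n++
                if ($3 != "True" || $4 != "False" || $5 != "False") { print $1; bad = 1 } }
       END { exit (bad || n == 0) }'
}

# Live use on the cluster, with the commands from the steps above.
verify_cluster() {
  [ "$(oc get operatorhub cluster -o jsonpath='{.spec.disableAllDefaultSources}')" = "true" ] &&
  oc get nodes | check_nodes &&
  oc get pods -n openshift-marketplace | check_pods &&
  oc get co | check_operators
}

# Constructed sample: one worker is still cordoned during the rollout.
SAMPLE_NODES='NAME       STATUS                     ROLES    AGE     VERSION
master-0   Ready                      master   2d11h   v1.19.0
worker-0   Ready,SchedulingDisabled   worker   2d11h   v1.19.0'

# Constructed sample: the catalog pod cannot pull its image from the mirror.
SAMPLE_PODS='NAME                                    READY   STATUS             RESTARTS   AGE
marketplace-operator-549b8565b7-4rjnt   1/1     Running            0          96m
redhat-operator-index-t6jfx             0/1     ImagePullBackOff   0          57s'

if ! printf '%s\n' "$SAMPLE_NODES" | check_nodes; then echo "nodes: not ready yet"; fi
if ! printf '%s\n' "$SAMPLE_PODS"  | check_pods;  then echo "pods: not ready yet";  fi
```

On a live cluster, run `verify_cluster` after step 5; it returns non-zero until the default sources are disabled and every node, marketplace pod and cluster operator reports healthy.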

Document Location

Worldwide

Document Information

Modified date:
04 October 2022

UID

ibm16826023