iam-veeramalla · June 21, 2021 11:42
diff --git a/Installing GitOps Operator Candidate in Disconnected Cluster b/Installing GitOps Operator Candidate in Disconnected Cluster
 0. Install the latest "oc" openshift-client and opm tool  

   https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest-4.7/

 1. Login as kubeadmin

 2. Connect to VPN

 (skip) 2.1. Disable default operator indices 

    $ oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources",
 "value": true}]'
   
 3. Extract pull secret of mirror registry to "authfile"

   $ oc get secrets pull-secret -n openshift-config -o template='{{index .data ".dockerconfigjson"}}' | base64 -d > authfile

   authfile looks like:
   {
        "auths": {
            "ec2-3-137-162-14.us-east-2.compute.amazonaws.com:5000": {
               "auth": "xxxxxxxxxxxxx"
            }
        }
  }

  ec2-3-137-162-14.us-east-2.compute.amazonaws.com:5000 is the <ec2 mirror registry>

 4. Add auth tokens of quay.io, "registry.redhat.io" to <authfile>

 5. Disable tls verify for ec2 mirror

   $ oc edit image.config.openshift.io/cluster
   
   and the following under spec.  Note: <ec2 mirror registry> without port just the host

 spec:
  allowedRegistriesForImport:
  - domainName: <ec2 mirror registry>
    insecure: true
  registrySources:
    insecureRegistries:
    - <ec2 mirror registry>
    
 6. Mirror (the mirrored index in quay.io) index/catalog to mirror registry

  $ oc adm catalog mirror -a authfile --insecure=true \
    quay.io/wtam/test-index@sha256:d9b2d9f19ab5b97867cd3f1cf3e2d02bb110d448699f8917d42cff74315a5ec5 <ec2 mirror registry> 

  When the above mirror command is done, it generates 3 files in a sub-directory
  
  ── manifests-test-index-1612951393
    ├── catalogSource.yaml
    ├── imageContentSourcePolicy.yaml
    └── mapping.txt

 7.oc apply -f manifests-test-index-1612951393l
 
 
 Done.  Now go to the dev console
	0. Install the latest "oc" openshift-client and opm tool

	https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest-4.7/

	1. Login as kubeadmin

	2. Connect to VPN

	(skip) 2.1. Disable default operator indices

	$ oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources",
	"value": true}]'

	3. Extract pull secret of mirror registry to "authfile"

	$ oc get secrets pull-secret -n openshift-config -o template='{{index .data ".dockerconfigjson"}}' \| base64 -d > authfile

	authfile looks like:
	{
	"auths": {
	"ec2-3-137-162-14.us-east-2.compute.amazonaws.com:5000": {
	"auth": "xxxxxxxxxxxxx"
	}
	}
	}

	ec2-3-137-162-14.us-east-2.compute.amazonaws.com:5000 is the <ec2 mirror registry>

	4. Add auth tokens of quay.io, "registry.redhat.io" to <authfile>

	5. Disable tls verify for ec2 mirror

	$ oc edit image.config.openshift.io/cluster

	and the following under spec. Note: <ec2 mirror registry> without port just the host

	spec:
	allowedRegistriesForImport:
	- domainName: <ec2 mirror registry>
	insecure: true
	registrySources:
	insecureRegistries:
	- <ec2 mirror registry>

	6. Mirror (the mirrored index in quay.io) index/catalog to mirror registry

	$ oc adm catalog mirror -a authfile --insecure=true \
	quay.io/wtam/test-index@sha256:d9b2d9f19ab5b97867cd3f1cf3e2d02bb110d448699f8917d42cff74315a5ec5 <ec2 mirror registry>

	When the above mirror command is done, it generates 3 files in a sub-directory

	── manifests-test-index-1612951393
	├── catalogSource.yaml
	├── imageContentSourcePolicy.yaml
	└── mapping.txt

	7.oc apply -f manifests-test-index-1612951393l


	Done. Now go to the dev console