Skip to content

Commit

Permalink
OSDOCS-12021: Known issue with OLM v1 private registries
Browse files Browse the repository at this point in the history
  • Loading branch information
michaelryanpeter committed Sep 25, 2024
1 parent 2c246a9 commit bfe725b
Show file tree
Hide file tree
Showing 14 changed files with 90 additions and 11 deletions.
7 changes: 6 additions & 1 deletion extensions/arch/catalogd.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,14 @@ include::snippets/technology-preview.adoc[]

{olmv1-first} uses the catalogd component and its resources to manage Operator and extension catalogs.

[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

include::modules/olmv1-about-catalogs.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* xref:../../extensions/catalogs/fbc.adoc#fbc[File-based catalogs]
* xref:../../extensions/catalogs/managing-catalogs.adoc#olmv1-adding-a-catalog-to-a-cluster_managing-catalogs[Adding a catalog to a cluster]
* xref:../../extensions/catalogs/rh-catalogs.adoc#rh-catalogs[Red Hat-provided catalogs]
* xref:../../extensions/catalogs/rh-catalogs.adoc#rh-catalogs[Red Hat-provided catalogs]
7 changes: 6 additions & 1 deletion extensions/catalogs/creating-catalogs.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@ include::snippets/technology-preview.adoc[]

Catalog maintainers can create new catalogs in the file-based catalog format for use with {olmv1-first} on {product-title}.

[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

include::modules/olm-creating-fb-catalog-image.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
Expand All @@ -25,4 +30,4 @@ ifndef::openshift-dedicated,openshift-rosa[]
* xref:../../operators/understanding/olm-packaging-format.adoc#olm-deprecations-schema_olm-packaging-format[Packaging format -> Schemas -> olm.deprecations schema]
* xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#updating-mirror-registry-content[Mirroring images for a disconnected installation using the oc-mirror plugin -> Keeping your mirror registry content updated]
* xref:../../operators/admin/olm-restricted-networks.adoc#olm-creating-catalog-from-index_olm-restricted-networks[Adding a catalog source to a cluster]
endif::openshift-dedicated,openshift-rosa[]
endif::openshift-dedicated,openshift-rosa[]
7 changes: 6 additions & 1 deletion extensions/catalogs/fbc.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@ include::snippets/technology-preview.adoc[]

{olmv1-first} in {product-title} supports _file-based catalogs_ for discovering and sourcing cluster extensions, including Operators, on a cluster.

[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

include::modules/olm-fb-catalogs.adoc[leveloffset=+1]

include::modules/olm-fb-catalogs-structure.adoc[leveloffset=+1]
Expand All @@ -36,4 +41,4 @@ For instructions about creating file-based catalogs by using the `opm` CLI, see
For reference documentation about the `opm` CLI commands related to managing file-based catalogs, see xref:../../cli_reference/opm/cli-opm-ref.adoc#cli-opm-ref[CLI tools].
include::modules/olm-fb-catalogs-automation.adoc[leveloffset=+1]
include::modules/olm-fb-catalogs-automation.adoc[leveloffset=+1]
1 change: 1 addition & 0 deletions extensions/catalogs/managing-catalogs.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ If your cluster is using custom catalogs, see xref:../../operators/operator_sdk/
====

include::modules/olmv1-about-catalogs.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources
* xref:../../extensions/catalogs/fbc.adoc#fbc[File-based catalogs]
Expand Down
5 changes: 5 additions & 0 deletions extensions/catalogs/rh-catalogs.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,9 @@ include::snippets/technology-preview.adoc[]

Red Hat provides several Operator catalogs that are included with {product-title} by default.

[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

include::modules/olm-rh-catalogs.adoc[leveloffset=+1]
5 changes: 5 additions & 0 deletions extensions/ce/managing-ce.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,11 @@ After a catalog has been added to your cluster, you have access to the versions,

You can manage extensions declaratively from the CLI using custom resources (CRs).

[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

include::modules/olmv1-supported-extensions.adoc[leveloffset=+1]

[role="_additional-resources"]
Expand Down
6 changes: 5 additions & 1 deletion extensions/ce/upgrade-edges.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,11 @@ When determining upgrade edges, also known as upgrade paths or upgrade constrain

By supporting {olmv0} semantics, {olmv1} now honors the upgrade graph from catalogs accurately.

[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

.Differences from original {olmv0} implementation

* If there are multiple possible successors, {olmv1} behavior differs in the following ways:
Expand Down Expand Up @@ -50,4 +55,3 @@ include::modules/olmv1-forcing-an-update-or-rollback.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* xref:../../extensions/ce/upgrade-edges.adoc#olmv1-version-range-support_upgrade-edges[Support for version ranges]
7 changes: 7 additions & 0 deletions extensions/index.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,15 @@ Earlier Technology Preview phases of {olmv1} introduced a new `Operator` API; th
* The `Catalog` API, provided by the new catalogd component, serves as the foundation for {olmv1}, unpacking catalogs for on-cluster clients so that users can discover installable content, such as Kubernetes extensions and Operators. This provides increased visibility into all available Operator bundle versions, including their details, channels, and update edges.
--
+
[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====
+
For more information, see xref:../extensions/arch/operator-controller.adoc#operator-controller[Operator Controller] and xref:../extensions/arch/catalogd.adoc#catalogd[Catalogd].



Improved control over extension updates::
With improved insight into catalog content, administrators can specify target versions for installation and updates. This grants administrators more control over the target version of extension updates. For more information, see xref:../extensions/ce/managing-ce.adoc#olmv1-updating-an-operator_managing-ce[Updating an cluster extension].

Expand Down
6 changes: 6 additions & 0 deletions modules/olmv1-adding-a-catalog.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,12 @@

To add a catalog to a cluster, create a catalog custom resource (CR) and apply it to the cluster.


[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

.Prerequisites

// https://docs.asciidoctor.org/asciidoc/latest/directives/include-list-item-content/
Expand Down
9 changes: 7 additions & 2 deletions modules/olmv1-creating-a-pull-secret-for-catalogd.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,22 @@
//
// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc

ifeval::["{context}" == "olmv1-installing-operator"]
ifeval::["{context}" == "managing-catalogs"]
:olmv1-pullsecret-proc:
endif::[]

:_mod-docs-content-type: PROCEDURE

[id="olmv1-creating-a-pull-secret-for-catalogs-secure-registry_{context}"]
= Creating a pull secret for catalogs hosted on a secure registry
= Creating a pull secret for catalogs hosted on a private registry

include::snippets/olmv1-secure-registry-pull-secret.adoc[]

[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

.Prerequisites

* Login credentials for the secure registry
Expand Down
6 changes: 6 additions & 0 deletions modules/olmv1-installing-an-operator.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,12 @@

You can install an extension from a catalog by creating a custom resource (CR) and applying it to the cluster. {olmv1-first} supports installing cluster extensions, including {olmv0} Operators via the `registry+v1` bundle format, that are scoped to the cluster. For more information, see _Supported extensions_.


[IMPORTANT]
====
include::snippets/olmv1-known-issue-private-registries.adoc[]
====

.Prerequisites

* You have added a catalog to your cluster.
Expand Down
12 changes: 12 additions & 0 deletions modules/olmv1-red-hat-catalogs.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,19 @@

[IMPORTANT]
====
* {empty}
+
--
include::snippets/olmv1-known-issue-private-registries.adoc[]
--
* {empty}
+
--
include::snippets/olmv1-secure-registry-pull-secret.adoc[]
--
====

.Example Red Hat Operators catalog
Expand Down
15 changes: 15 additions & 0 deletions snippets/olmv1-known-issue-private-registries.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
// Text snippet included in the following modules:
//
// * release_notes/ocp-4-17-release-notes.adoc (enterprise-4.17 branch only)
// * extensions/arch/catalogd.adoc
// * extensions/catalogs/creating-catalogs.adoc
// * extensions/catalogs/fbc.adoc
// * extensions/catalogs/managing-catalogs.adoc
// * extensions/catalogs/rh-catalogs.adoc
// * extensions/ce/managing-ce.adoc
// * extensions/ce/upgrade-edges.adoc
// * extensions/index.adoc

:_mod-docs-content-type: SNIPPET

Currently, {olmv1-first} cannot authenticate private registries, such as the Red{nbsp}Hat-provided Operator catalogs. This is a known issue. As a result, the {olmv1} procedures that rely on having the Red{nbsp}Hat Operators catalog installed do not work. (link:https://issues.redhat.com/browse/OCPBUGS-36364[*OCPBUGS-36364*])
8 changes: 3 additions & 5 deletions snippets/olmv1-secure-registry-pull-secret.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,10 @@

:_mod-docs-content-type: SNIPPET

If you want to use a catalog that is hosted on a secure registry, such as Red Hat-provided Operator catalogs from `registry.redhat.io`, you must have a pull secret scoped to the `openshift-catalogd` namespace.
If you want to use a catalog that is hosted on a private registry, such as Red{nbsp}Hat-provided Operator catalogs from `registry.redhat.io`, you must have a pull secret scoped to the `openshift-catalogd` namespace.

ifndef::olmv1-pullsecret-proc[For more information, see "Creating a pull secret for catalogs hosted on a secure registry".]

ifdef::olmv1-pullsecret-proc[]
[NOTE]
====
Currently, catalogd cannot read global pull secrets from {product-title} clusters. Catalogd can read references to secrets only in the namespace where it is deployed.
====
Catalogd cannot read global pull secrets from {product-title} clusters. Catalogd can read references to secrets only in the namespace where it is deployed.
endif::[]

0 comments on commit bfe725b

Please sign in to comment.