2. Operator Lifecycle Manager

2.1. Prerequisites

  • An index image built and pushed to a registry.

  • podman version 1.9.3+

  • grpcurl

  • opm version 1.12.3+

  • Access to a registry that supports Docker v2-2

# curl -u user:password -ks https://registry.ocp.labs.stroila.ca:5000/v2/olm/redhat-operators/tags/list
{"name":"olm/redhat-operators","tags":["v1"]}

If you want to prune the default catalog and selectively mirror only a subset of Operators, install the opm CLI.

2.2. Disabling the default OperatorHub sources

Before configuring OperatorHub to instead use local catalog sources in a restricted network environment, you must disable the default catalogs.

  • Disable the sources for the default catalogs by adding disableAllDefaultSources: true to the OperatorHub object:

oc patch OperatorHub cluster --type json \
 -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' --kubeconfig /tmp/assets/auth/kubeconfig

2.3. Pruning an index image

Run the source index image that you want to prune in a container:

podman run -p 50051:50051 \
 -it registry.redhat.io/redhat/redhat-operator-index:v4.6

In a separate terminal session, use the grpcurl command to get a list of the packages provided by the index:

grpcurl -plaintext localhost:50051 api.Registry/ListPackages > packages.out

Extract the opm binary:

oc image extract registry.redhat.io/openshift4/ose-operator-registry:v4.6 \
    -a pull.json \
    --path /usr/bin/opm:. \
    --confirm

sudo chmod +x opm
sudo mv ./opm /usr/local/bin

Run the following command to prune the source index of all but the specified packages:

opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v4.6 \
 -p 3scale-operator,advanced-cluster-management,amq-broker,amq-broker-lts,amq-online,amq-streams,amq7-interconnect-operator,apicast-operator,awx-resource-operator,businessautomation-operator,cluster-kube-descheduler-operator,cluster-logging,clusterresourceoverride,codeready-workspaces,compliance-operator,container-security-operator,datagrid,eap,elasticsearch-operator,file-integrity-operator,fuse-apicurito,fuse-console,fuse-online,jaeger-product,kiali-ossm,kubevirt-hyperconverged,local-storage-operator,metering-ocp,mtc-operator,nfd,ocs-operator,openshift-jenkins-operator,openshift-pipelines-operator-rh,performance-addon-operator,ptp-operator,quay-bridge-operator,quay-operator,red-hat-camel-k,rh-service-binding-operator,rhsso-operator,serverless-operator,service-registry-operator,servicemeshoperator,sriov-network-operator,vertical-pod-autoscaler,web-terminal,windows-machine-config-operator \
-t registry.ocp.labs.stroila.ca:5000/redhat/redhat-operator-index:v4.6

Run the following command to push the new index image to your target registry:

podman push registry.ocp.labs.stroila.ca:5000/redhat/redhat-operator-index:v4.6
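
The long -p list above is easier to review when it is generated from an allowlist and checked against packages.out, so a misspelled or absent package name is caught before pruning. The script below is an added example, not part of the original procedure; the function names index_packages and prune_arg, the allow.txt file and the sample packages.out content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): build the -p argument for
# "opm index prune" from an allowlist, checked against packages.out.

# Print the package names found in grpcurl's ListPackages output, one per line.
# grpcurl prints each streamed message as a JSON object with one "name" field.
index_packages() {
    sed -n 's/^[[:space:]]*"name":[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | sort -u
}

# prune_arg PACKAGES_FILE ALLOWLIST_FILE
# Prints the comma-separated package list; returns 1 and names the missing
# packages on stderr if an allowlisted package is not in the source index.
prune_arg() {
    have=$(index_packages "$1")
    list="" missing=""
    while IFS= read -r pkg; do
        case "$pkg" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if printf '%s\n' "$have" | grep -Fxq -- "$pkg"; then
            list="${list:+$list,}$pkg"
        else
            missing="$missing $pkg"
        fi
    done < "$2"
    if [ -n "$missing" ]; then
        echo "not in source index:$missing" >&2
        return 1
    fi
    printf '%s\n' "$list"
}

# Constructed sample input (stands in for a real packages.out and allowlist).
tmp=$(mktemp -d)
cat > "$tmp/packages.out" <<'EOF'
{
  "name": "cluster-logging"
}
{
  "name": "elasticsearch-operator"
}
{
  "name": "quay-operator"
}
EOF
printf '%s\n' '# logging stack' cluster-logging elasticsearch-operator > "$tmp/allow.txt"
prune_arg "$tmp/packages.out" "$tmp/allow.txt"   # prints: cluster-logging,elasticsearch-operator
```

The printed list is the value to pass to opm index prune with -p.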

2.4. Mirroring an Operator catalog

On a workstation with unrestricted network access, run the following command:

oc adm catalog mirror \
    registry.ocp.labs.stroila.ca:5000/redhat/redhat-operator-index:v4.6 \
    registry.ocp.labs.stroila.ca:5000 \
    -a pull.json \
    --insecure \
    --filter-by-os='.*'

2.5. Creating a catalog from an index image

Create a CatalogSource object that references your index image.

  • Modify the following to your specifications and save it as a catalogsource.yaml file:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ocp-operator-catalog
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: registry.ocp.labs.stroila.ca:5000/redhat/redhat-operators:v1
  displayName: OCP Operator Catalog
  publisher: grpc
  updateStrategy:
    registryPoll:
      interval: 30m

  • Use the file to create the CatalogSource object:

oc create -f catalogsource.yaml --kubeconfig /tmp/assets/auth/kubeconfig

Verify the following resources are created successfully.

  • Check the pods:

# oc get pods -n openshift-marketplace --kubeconfig /tmp/assets/auth/kubeconfig
NAME                                    READY   STATUS    RESTARTS   AGE
marketplace-operator-7d6b5c5c5d-kj8bc   1/1     Running   0          28h
ocp-operator-catalog-jrf6p             1/1     Running   0          4m18s

  • Check the catalog source:

# oc get catalogsource -n openshift-marketplace --kubeconfig /tmp/assets/auth/kubeconfig
NAME                    DISPLAY                 TYPE   PUBLISHER   AGE
ocp-operator-catalog   OCP Operator Catalog   grpc   Stroila      14m

  • Check the package manifest:

# oc get packagemanifest -n openshift-marketplace --kubeconfig /tmp/assets/auth/kubeconfig
NAME                                CATALOG                 AGE
dv-operator                         OCP Operator Catalog   12m
advanced-cluster-management         OCP Operator Catalog   12m
openshifttemplateservicebroker      OCP Operator Catalog   12m
elasticsearch-operator              OCP Operator Catalog   12m
ocs-operator                        OCP Operator Catalog   12m
fuse-console                        OCP Operator Catalog   12m
amq-broker-lts                      OCP Operator Catalog   12m
cluster-logging                     OCP Operator Catalog   12m
codeready-workspaces                OCP Operator Catalog   12m
amq-streams                         OCP Operator Catalog   12m
mtc-operator                        OCP Operator Catalog   12m
apicast-operator                    OCP Operator Catalog   12m
quay-bridge-operator                OCP Operator Catalog   12m
manila-csi-driver-operator          OCP Operator Catalog   12m
datagrid                            OCP Operator Catalog   12m
amq7-cert-manager                   OCP Operator Catalog   12m
jaeger-product                      OCP Operator Catalog   12m
amq-broker                          OCP Operator Catalog   12m
cincinnati-operator                 OCP Operator Catalog   12m
sriov-network-operator              OCP Operator Catalog   12m
amq-online                          OCP Operator Catalog   12m
fuse-online                         OCP Operator Catalog   12m
red-hat-camel-k                     OCP Operator Catalog   12m
rh-service-binding-operator         OCP Operator Catalog   12m
ptp-operator                        OCP Operator Catalog   12m
service-registry-operator           OCP Operator Catalog   12m
openshiftansibleservicebroker       OCP Operator Catalog   12m
rhsso-operator                      OCP Operator Catalog   12m
metering-ocp                        OCP Operator Catalog   12m
kubevirt-hyperconverged             OCP Operator Catalog   12m
nfd                                 OCP Operator Catalog   12m
vertical-pod-autoscaler             OCP Operator Catalog   12m
quay-operator                       OCP Operator Catalog   12m
amq7-interconnect-operator          OCP Operator Catalog   12m
eap                                 OCP Operator Catalog   12m
kiali-ossm                          OCP Operator Catalog   12m
web-terminal                        OCP Operator Catalog   12m
fuse-apicurito                      OCP Operator Catalog   12m
awx-resource-operator               OCP Operator Catalog   12m
serverless-operator                 OCP Operator Catalog   12m
aws-ebs-csi-driver-operator         OCP Operator Catalog   12m
clusterresourceoverride             OCP Operator Catalog   12m
businessautomation-operator         OCP Operator Catalog   12m
openshift-pipelines-operator-rh     OCP Operator Catalog   12m
servicemeshoperator                 OCP Operator Catalog   12m
local-storage-operator              OCP Operator Catalog   12m
3scale-operator                     OCP Operator Catalog   12m
amq-broker-rhel8                    OCP Operator Catalog   12m
cluster-kube-descheduler-operator   OCP Operator Catalog   12m
performance-addon-operator          OCP Operator Catalog   12m
container-security-operator         OCP Operator Catalog   12m