Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support ImageDigestMirrorSet #1456

Open
durera opened this issue Sep 6, 2024 · 1 comment
Open

Support ImageDigestMirrorSet #1456

durera opened this issue Sep 6, 2024 · 1 comment
Assignees
@JonahLuckett
Labels
Enhancement New feature or request

Comments

@durera
Copy link
Contributor

durera commented Sep 6, 2024

Feature and motivation

ImageContentSourcePolicy (ICSP) are the key artifact powering disconnected installations, however they have been deprecated since OCP 4.13. ImageDigestMirrorSet (IDMS) is the replacement technology, and it's a fairly simple conversion from one to the other.

IDMS are supported from OCP 4.13 onwards, so we needed to wait for OCP 4.12 end of life to avoid needing to dual support both technologies, that date has now passed, and we should handle this before it becomes a time critical problem that will block support of a new OCP release given our objective to support new releases within 30 days.

There is no announced date on when ICSP will be removed, and generally we find out at very short notice so we must not wait until after we hear that ICSP has been removed from an OCP release to take action.

The action required is two-fold:

  • Ensure that during install we create a IDMS instead of an ICSP
  • Ensure that during update we replace the existing ICSP with IDMS

Obviously there will be accompanying documentation updates as well.

When implementing the IDMS ensure to use the NeverContactSource mirrorSourcePolicy, as this represents the behavior our customer expect.

For more information refer to https://docs.openshift.com/container-platform/4.13/openshift_images/image-configuration.html

Although this is mostly being driven by currency concerns (avoiding this being a blocker for support of a future OCP release when ICSP are removed) multiple customers have indirectly asked for this work to be done; they want the functionality that the migration to IDMS enables whereby OpenShift changes from only using mirrors as a fallback after failing to contact the source registry, to using mirrors in the first instance and never even attempting to reach the source registry. Many have assumed that's how it worked and we have had multiple support tickets where confused customers didn't understand why images were still coming from ICR instead of their mirror, so this brings multiple benefits.

Usage example

This enhancement will apply to all future disconnected installs of MAS
@durera durera added the Enhancement New feature or request label Sep 6, 2024
@witekwww
Copy link

witekwww commented Sep 6, 2024

Side note: if You plan to migrate OpenShift images mirroring support as well, we need to create also ImageTagMirrorSet. Some of the images (like node debug for example) are pulled by tag, not by digest. With use of ImageDigestMirrorSet such pods will fail.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JonahLuckett JonahLuckett

Labels
Enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@durera @JonahLuckett @witekwww