Specifying image repositories/proxies to use with OLM/operator-sdk


Kevin Serikstad

Jul 11, 2023, 5:40:06 PM
to Operator Framework
Hi,

I installed and investigated means to get OLM to use image repository proxies, as are commonly used within corporations like mine, but could not find a solution. Rephrasing the issue, company-wide Kubernetes policies only allow images that have been pulled through our corporate image repositories and/or proxies.

Is there any facility for altering the image repositories/ports used to download images for an operator through OLM/operator-sdk?

Thanks.

Kevin Serikstad

Vu Dinh

Jul 11, 2023, 5:56:41 PM
to Operator Framework
Hi Kevin,

I assume you mean the operator bundle and registry images. You can certainly build your own registry images with all the bundles and push them to your own registries. Then, you can reference your images in the CatalogSource object. OLM (cluster container runtime) pulls images from those references. If you need to use private registries, then include pull secrets in the CatalogSource spec.

I hope that helps,

Vu

Frederic Giloux

Jul 12, 2023, 4:15:25 AM
to kseri...@gmail.com, Operator Framework, Vu Dinh
Hi Kevin

If you are using OpenShift you can configure ImageDigestMirrorSet or ImageTagMirrorSet for global configuration of image proxies. With older versions there was ImageContentSourcePolicy.
https://docs.openshift.com/container-platform/4.13/openshift_images/image-configuration.html#images-configuration-registry-mirror_image-configuration

If you are using kind or another Kubernetes distribution you can configure the same directly at the container engine level running on the node. EKS or AKS may have their own way of doing it.
Here is one of the first results returned by Google for configuring cri-o:
https://shivering-isles.com/mirroring-your-cluster-images

Regards,

Frédéric

--
Frédéric Giloux
OpenShift Engineering
Red Hat Germany

Anik Bhattacharjee

Jul 12, 2023, 8:12:41 AM
to Frederic Giloux, kseri...@gmail.com, Operator Framework, Vu Dinh
Looks like there's some additional info required to answer your question accurately Kevin. Looking at the question, I was thinking about this doc that might be helpful to you: 


Anik Bhattacharjee

Software Engineer - Openshift

Red Hat

300 A Street

Boston, MA 02210





Kevin Serikstad

Jul 12, 2023, 1:44:47 PM
to Anik Bhattacharjee, Frederic Giloux, Operator Framework, Vu Dinh
Hi,

This is exactly what I was looking for as well as confirmation that there is not currently some sort of proxy mechanism supported.

Thanks!

Kevin Serikstad

Anik Bhattacharjee

Jul 12, 2023, 1:50:14 PM
to Kevin Serikstad, Frederic Giloux, Operator Framework, Vu Dinh
Right, I see what you mean now. There is no direct proxy mechanism built into OLM components. 

Anik Bhattacharjee

Vu Dinh

Jul 12, 2023, 3:15:48 PM
to Operator Framework
Hey Kevin,

I think Anik already gave the answer you need. Just a few points here I want to mention. There is no direct proxy mechanism in OLM because the current OLM doesn't handle pulling images directly. OLM usually spins up a bunch of pods with image references and the cluster container runtime will do the pulling part to make those images available on the nodes. There is nothing stopping you from referencing proxy images in the CatalogSources as long as the container runtime is configured to pull those images successfully.

Vu
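
The two pieces discussed in this thread, shown as an added illustration that was not posted by any participant: a CatalogSource that references a catalog image in a corporate registry with a pull secret, and, for OpenShift, an ImageDigestMirrorSet that redirects pulls to a mirror. All hostnames, object names, the secret name and the image tag are constructed placeholders.

```yaml
# CatalogSource pointing at a catalog (registry) image that was built and
# pushed to the corporate registry. OLM only creates the pod; the node's
# container runtime performs the pull.
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: corp-operators                # constructed name
  namespace: olm                      # assumption: upstream OLM install namespace
spec:
  sourceType: grpc
  # Constructed reference into the corporate registry.
  image: registry.corp.example/olm/operator-catalog:v1
  displayName: Corporate Operators
  publisher: Platform Team
  # Names of image pull secrets (type kubernetes.io/dockerconfigjson) in the
  # same namespace as this CatalogSource, needed when the registry is private.
  secrets:
    - corp-registry-pull              # constructed secret name
---
# OpenShift only: cluster-wide mirror configuration. It applies to pulls that
# reference an image by digest; ImageTagMirrorSet is the counterpart for tags.
apiVersion: config.openshift.io/v1
kind: ImageDigestMirrorSet
metadata:
  name: corp-mirror                   # constructed name
spec:
  imageDigestMirrors:
    - source: quay.io/example-org     # constructed upstream repository prefix
      mirrors:
        - registry.corp.example/quay-proxy/example-org
      # Fail the pull instead of falling back to the upstream source, which
      # matches a policy that only allows images from corporate registries.
      mirrorSourcePolicy: NeverContactSource
```

On other Kubernetes distributions the mirror half of this is set in the container engine configuration on each node, as Frederic's message notes.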
