OCP content port to ROSA and OSD: Images

Author: Michael Burke

_topic_maps/_topic_map_osd.yml

@@ -331,6 +331,59 @@ Topics:
     File: setting-up-trusted-ca
     Distros: openshift-dedicated
 ---
+Name: Images
+Dir: openshift_images
+Distros: openshift-dedicated
+Topics:
+- Name: Overview of images
+  File: index
+# replaced Configuring the Cluster Samples Operator name, cannot configure the operator
+- Name: Overview of the Cluster Samples Operator
+  File: configuring-samples-operator
+  Distros: openshift-dedicated
+- Name: Using the Cluster Samples Operator with an alternate registry
+  File: samples-operator-alt-registry
+  Distros: openshift-dedicated
+- Name: Creating images
+  File: create-images
+- Name: Managing images
+  Dir: managing_images
+  Topics:
+  - Name: Managing images overview
+    File: managing-images-overview
+  - Name: Tagging images
+    File: tagging-images
+  - Name: Image pull policy
+    File: image-pull-policy
+  - Name: Using image pull secrets
+    File: using-image-pull-secrets
+- Name: Managing image streams
+  File: image-streams-manage
+  Distros: openshift-dedicated
+- Name: Using image streams with Kubernetes resources
+  File: using-imagestreams-with-kube-resources
+  Distros: openshift-dedicated
+- Name: Triggering updates on image stream changes
+  File: triggering-updates-on-imagestream-changes
+  Distros: openshift-dedicated
+- Name: Image configuration resources
+  File: image-configuration
+  Distros: openshift-dedicated
+- Name: Using templates
+  File: using-templates
+- Name: Using Ruby on Rails
+  File: templates-using-ruby-on-rails
+- Name: Using images
+  Dir: using_images
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Using images overview
+    File: using-images-overview
+  - Name: Source-to-image
+    File: using-s21-images
+  - Name: Customizing source-to-image images
+    File: customizing-s2i-images
+---
 Name: Add-on services
 Dir: adding_service_cluster
 Distros: openshift-dedicated

_topic_maps/_topic_map_rosa.yml

@@ -484,6 +484,59 @@ Topics:
   - Name: Setting up additional trusted certificate authorities for builds
     File: setting-up-trusted-ca
     Distros: openshift-rosa
+---
+Name: Images
+Dir: openshift_images
+Distros: openshift-rosa
+Topics:
+- Name: Overview of images
+  File: index
+# replaced Configuring the Cluster Samples Operator name, cannot configure the operator
+- Name: Overview of the Cluster Samples Operator
+  File: configuring-samples-operator
+  Distros: openshift-rosa
+- Name: Using the Cluster Samples Operator with an alternate registry
+  File: samples-operator-alt-registry
+  Distros: openshift-rosa
+- Name: Creating images
+  File: create-images
+- Name: Managing images
+  Dir: managing_images
+  Topics:
+  - Name: Managing images overview
+    File: managing-images-overview
+  - Name: Tagging images
+    File: tagging-images
+  - Name: Image pull policy
+    File: image-pull-policy
+  - Name: Using image pull secrets
+    File: using-image-pull-secrets
+- Name: Managing image streams
+  File: image-streams-manage
+  Distros: openshift-rosa
+- Name: Using image streams with Kubernetes resources
+  File: using-imagestreams-with-kube-resources
+  Distros: openshift-rosa
+- Name: Triggering updates on image stream changes
+  File: triggering-updates-on-imagestream-changes
+  Distros: openshift-rosa
+- Name: Image configuration resources
+  File: image-configuration
+  Distros: openshift-rosa
+- Name: Using templates
+  File: using-templates
+- Name: Using Ruby on Rails
+  File: templates-using-ruby-on-rails
+- Name: Using images
+  Dir: using_images
+  Distros: openshift-rosa
+  Topics:
+  - Name: Using images overview
+    File: using-images-overview
+  - Name: Source-to-image
+    File: using-s21-images
+  - Name: Customizing source-to-image images
+    File: customizing-s2i-images
 ---
   Name: Add-on services
   Dir: adding_service_cluster

modules/images-configuration-allowed.adoc

@@ -18,7 +18,12 @@ When the `allowedRegistries` parameter is defined, all registries, including the
 
 .Procedure
 
-. Edit the `image.config.openshift.io/cluster` CR:
+ifndef::openshift-rosa,openshift-dedicated[]
+. Edit the `image.config.openshift.io/cluster` custom resource:
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Edit the `image.config.openshift.io/cluster` custom resource:
+endif::openshift-rosa,openshift-dedicated[]
 +
 [source,terminal]
 ----
@@ -61,7 +66,9 @@ Either the `allowedRegistries` parameter or the `blockedRegistries` parameter ca
 +
 The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` resource for any changes to the registries. When the MCO detects a change, it drains the nodes, applies the change, and uncordons the nodes. After the nodes return to the `Ready` state, the allowed registries list is used to update the image signature policy in the `/host/etc/containers/policy.json` file on each node.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . To check that the registries have been added to the policy file, use the following command on a node:
+// cannot create resource "namespaces"
 +
 [source,terminal]
 ----
@@ -157,6 +164,7 @@ The following policy indicates that only images from the example.com, quay.io, a
 }
 ----
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 [NOTE]
 ====

modules/images-configuration-blocked.adoc

@@ -18,7 +18,12 @@ To prevent pod failure, do not add the `registry.redhat.io` and `quay.io` regist
 
 .Procedure
 
-. Edit the `image.config.openshift.io/cluster` CR:
+ifndef::openshift-rosa,openshift-dedicated[]
+. Edit the `image.config.openshift.io/cluster` custom resource:
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Edit the `image.config.openshift.io/cluster` custom resource:
+endif::openshift-rosa,openshift-dedicated[]
 +
 [source,terminal]
 ----
@@ -58,7 +63,9 @@ Either the `blockedRegistries` registry or the `allowedRegistries` registry can
 +
 The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` resource for any changes to the registries. When the MCO detects a change, it drains the nodes, applies the change, and uncordons the nodes. After the nodes return to the `Ready` state, changes to the blocked registries appear in the `/etc/containers/registries.conf` file on each node.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . To check that the registries have been added to the policy file, use the following command on a node:
+// cannot create resource "namespaces"
 +
 [source,terminal]
 ----
@@ -77,3 +84,4 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
   location = "untrusted.com"
   blocked = true
 ----
+endif::openshift-rosa,openshift-dedicated[]

modules/images-configuration-cas.adoc

@@ -40,7 +40,7 @@ data:
 
 You can configure additional CAs with the following procedure.
 
-. To configure an additional CA:
+* To configure an additional CA:
 +
 [source,terminal]
 ----

modules/images-configuration-insecure.adoc

@@ -18,7 +18,12 @@ Insecure external registries should be avoided to reduce possible security risks
 
 .Procedure
 
-. Edit the `image.config.openshift.io/cluster` CR:
+ifndef::openshift-rosa,openshift-dedicated[]
+. Edit the `image.config.openshift.io/cluster` custom resource:
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Edit the `image.config.openshift.io/cluster` custom resource:
+endif::openshift-rosa,openshift-dedicated[]
 +
 [source,terminal]
 ----
@@ -66,7 +71,9 @@ When the `allowedRegistries` parameter is defined, all registries, including the
 +
 The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` CR for any changes to the registries, then drains and uncordons the nodes when it detects changes. After the nodes return to the `Ready` state, changes to the insecure and blocked registries appear in the `/etc/containers/registries.conf` file on each node.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . To check that the registries have been added to the policy file, use the following command on a node:
+// cannot create resource "namespaces"
 +
 [source,terminal]
 ----
@@ -85,3 +92,4 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
   location = "insecure.com"
   insecure = true
 ----
+endif::openshift-rosa,openshift-dedicated[]

modules/images-configuration-registry-mirror-convert.adoc

@@ -16,7 +16,12 @@ For more information about `ImageDigestMirrorSet` or `ImageTagMirrorSet` objects
 
 .Prerequisites
 
-* Ensure that you have access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 * Ensure that you have `ImageContentSourcePolicy` objects on your cluster.
 

modules/images-configuration-registry-mirror.adoc

@@ -57,7 +57,12 @@ If your cluster uses an `ImageDigestMirrorSet` or `ImageTagMirrorSet` object to
 The following procedure creates a postinstallation mirror configuration, where you create an `ImageDigestMirrorSet` object.
 
 .Prerequisites
-* Ensure that you have access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 * Ensure that there are no `ImageContentSourcePolicy` objects on your cluster. For example, you can use the following command:
 +

modules/images-configuration-shortname.adoc

@@ -37,7 +37,12 @@ The `containerRuntimeSearchRegistries` parameter works only with the Podman and
 
 .Procedure
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Edit the `image.config.openshift.io/cluster` custom resource:
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Edit the `image.config.openshift.io/cluster` custom resource:
+endif::openshift-rosa,openshift-dedicated[]
 +
 [source,terminal]
 ----
@@ -90,6 +95,7 @@ status:
 When the `allowedRegistries` parameter is defined, all registries, including the `registry.redhat.io` and `quay.io` registries and the default {product-registry}, are blocked unless explicitly listed. If you use this parameter, to prevent pod failure, add all registries including the `registry.redhat.io` and `quay.io` registries and the `internalRegistryHostname` to the `allowedRegistries` list, as they are required by payload images within your environment. For disconnected clusters, mirror registries should also be added.
 ====
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . To check that the registries have been added, when a node returns to the `Ready` state, use the following command on the node:
 +
 [source,terminal]
@@ -102,4 +108,4 @@ $ cat /host/etc/containers/registries.conf.d/01-image-searchRegistries.conf
 ----
 unqualified-search-registries = ['reg1.io', 'reg2.io', 'reg3.io']
 ----
-
+endif::openshift-rosa,openshift-dedicated[]

modules/images-samples-operator-deprecated-image-stream.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * openshift_images/configuring-samples-operator.adoc
+// * openshift_images/configuring-samples-operator.adoc
 
 
 :_mod-docs-content-type: PROCEDURE