Update the Helm procedure to use oc-mirror for air-gapped environments

Signed-off-by: Fortune Ndlovu <[email protected]>

Author: Fortune-Ndlovu

modules/installation/proc-install-rhdh-airgapped-environment-ocp-helm.adoc

@@ -6,7 +6,7 @@
 
 An air-gapped environment, also known as an air-gapped network or isolated network, ensures security by physically segregating the system or network. This isolation is established to prevent unauthorized access, data transfer, or communication between the air-gapped system and external sources.
 
-You can install {product} in an air-gapped environment to ensure security and meet specific regulatory requirements.
+This documentation outlines the steps to perform an air-gapped installation of Helm charts using the `oc-mirror` tool. The process ensures that all necessary resources are mirrored and deployed within a restricted environment.
 
 To install {product-short} in an air-gapped environment, you must have access to the `registry.redhat.io` and the registry for the air-gapped environment.
 
@@ -17,7 +17,8 @@ To install {product-short} in an air-gapped environment, you must have access to
 * You have access to the {ocp-brand-name} image registry of your cluster. For more information about exposing the image registry, see the {ocp-brand-name} documentation about https://docs.openshift.com/container-platform/{ocp-version}/registry/securing-exposing-registry.html[Exposing the registry].
 * You have installed the {openshift-cli} on your workstation.
 * You have installed the `podman` command line tools on your workstation.
-* You you have an account in https://developers.redhat.com/[{rhdeveloper-name}] portal.
+* You have installed the `oc-mirror`, review https://docs.openshift.com/container-platform/4.17/disconnected/mirroring/installing-mirroring-disconnected.html#installation-oc-mirror-installing-plugin_installing-mirroring-disconnected[Installing the oc-mirror OpenShift CLI plugin].
+* You have an account in https://developers.redhat.com/[{rhdeveloper-name}] portal.
 
 .Procedure
 
@@ -59,80 +60,62 @@ podman login registry.redhat.io
 +
 For more information about registry authentication, see https://access.redhat.com/RegistryAuthentication[{company-name} Container Registry Authentication].
 
-. Pull {product-short} and PostgreSQL images from https://catalog.redhat.com/software/containers/search[{company-name} Image registry] to your workstation, by running the following commands:
+. Create an `ImageSetConfiguration` file to specify the resources that
+need to be mirrored.
 +
-[source,terminal,source,subs="attributes+"]
-----
-podman pull registry.redhat.io/rhdh/rhdh-hub-rhel9:{product-version}
-----
-+
-[source,terminal,source,subs="attributes+"]
-----
-podman pull registry.redhat.io/rhel9/postgresql-15:latest
-----
-
-. Push both images to the internal {ocp-short} image registry by running the following commands:
-+
-[source,terminal,source,subs="attributes+"]
-----
-podman push --remove-signatures registry.redhat.io/rhdh/rhdh-hub-rhel9:{product-version} default-route-openshift-image-registry.<hostname>/<project_name>/rhdh-hub-rhel9:{product-version}
-----
+Example *imageset-config-ref.yaml*
 +
 [source,terminal]
 ----
-podman push --remove-signatures registry.redhat.io/rhel9/postgresql-15:latest default-route-openshift-image-registry.<hostname>/<project_name>/postgresql-15:latest
-----
-+
-For more information about pushing images directly to the {ocp-short} image registry, see https://access.redhat.com/solutions/6959306[How do I push an Image directly into the OpenShift 4 registry].
-+
-[IMPORTANT]
-====
-If an x509 error occurs, verify that you have link:https://access.redhat.com/solutions/6088891[installed the CA certificate used for {ocp-short} routes on your system].
-====
-
-. Use the following command to verify that both images are present in the internal {ocp-short} registry:
+apiVersion: mirror.openshift.io/v1alpha2
+kind: ImageSetConfiguration
+storageConfig:
+  local:
+    path: ./mirror-output
+mirror:
+  helm:
+    repositories:
+      - name: openshift-charts
+        url: https://charts.openshift.io
+        charts:
+          - name: redhat-developer-hub
+            version: "1.4.1"
+  additionalImages:
+    - name: registry.redhat.io/rhdh/rhdh-hub-rhel9:1.4-1737055846
+    - name: registry.redhat.io/rhel9/postgresql-15:latest
+----
+. Run the mirroring process on the ImageSetConfiguration file. Use the
+`oc-mirror` command to mirror the specified resources based on the
+configuration file. his command generates a `.tar` archive that contains
+all the mirrored resources.
 +
 [source,terminal]
 ----
-oc get imagestream -n <project_name>
+oc-mirror --config=imageset-config-ref.yaml **** file://mirror-archive
 ----
-
-. Enable local image lookup for both images by running the following commands:
+. Transfer the generated archive (e.g.,
+`mirror++_++seq1++_++000000.tar`) to the air-gapped environment using
+`scp` or another file transfer tool.
 +
 [source,terminal]
 ----
-oc set image-lookup postgresql-15
+scp ./mirror-archive/mirror_seq1_000000.tar /tmp
 ----
+. Extract the contents of the archive into a directory before proceeding
+with deployment.
 +
 [source,terminal]
 ----
-oc set image-lookup  rhdh-hub-rhel9
+tar -xvf /mirror-archive/mirror_seq1_000000.tar -C /tmp
 ----
-
-. Go to *YAML view* and update the `image` section for `backstage` and `postgresql` using the following values:
+. Deploy the Helm chart in the air-gapped environment using the `helm`
+command.
 +
---
-.Example values for Developer Hub image
-[source,yaml]
-----
-upstream:
-  backstage:
-    image:
-      registry: ""
-      repository: rhdh-hub-rhel9
-      tag: latest
-----
-
-.Example values for PostgreSQL image
-[source,yaml]
+[source,terminal]
 ----
-upstream:
-  postgresql:
-    image:
-      registry: ""
-      repository: postgresql-15
-      tag: latest
+helm install rhdh ./mirror-archive/oc-mirror-workspace/src/charts/redhat-developer-hub-1.4.1.tgz --namespace rhdh --create-namespace
 ----
---
 
-. Install the {product} using Helm chart.
+Verify that all resources are successfully deployed and running.
+Depending on the cluster’s router base, ensure the route matches the
+expected URL. If necessary, update the route.