diff --git a/.wordlist.txt b/.wordlist.txt index c58472cd7..64f2a96cb 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -1,3 +1,4 @@ +aaaee aab aap abd @@ -9,6 +10,7 @@ acs activedeadlineseconds activemq actualweight +additionalimages addon addons addr @@ -22,6 +24,7 @@ afnmju agentless agof aiml +akeyless akiaiosfodnn akiaiosfodnn7example akxxxxxxxxxxxxx @@ -49,6 +52,7 @@ architecturedetail argocd argocd's argoproj +arn aro arptn arskhan @@ -63,6 +67,8 @@ atuc auditable auth authenticators +autorepair +autoscaling avx awk awsregion @@ -82,6 +88,7 @@ bd bdo beekhof bh +bitnami bj bjp bls @@ -108,8 +115,10 @@ ceph cephfs cephobjectstoreuser cfengine +cfg cgo changelog +chartversion chatbot chatqna chown @@ -126,6 +135,9 @@ cloudinituser cloudprovider clusteradm clustergroup +clustergroupchartgitrevision +clustergroupchartversion +clustergroupgitrepourl clustergroupname clustergroups clustername @@ -157,10 +169,13 @@ configur conjur containerimage controlplane +controlplaneendpoint coreos cp crd +crds creationdate +creationtimestamp credentialtype creds crohn's @@ -265,6 +280,7 @@ efg efrqurrkuojrlsqhi eg ejuat +elb embeddings enablement endcomment @@ -293,6 +309,7 @@ facto fadc fc fcb +fcea fdggwhsbykeqocze featureful ffb @@ -317,6 +334,7 @@ fsv fsync fvsm fx +gapped gaudi gaudillm gcp @@ -326,6 +344,7 @@ genaiexamples genrsa gf gh +ghcr gib gid gitea @@ -335,6 +354,7 @@ gitops gitopsspec gitspec gkxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +gmqzd godebug golang googlegroups @@ -366,6 +386,7 @@ hcp hdsr helloworld helmoverrides +helmrepourl highperformance hipaa hl @@ -375,6 +396,7 @@ homebrew homeoffice hostedcluster hostedclusters +hostingcluster hostname howto hpc @@ -394,7 +416,9 @@ hypershift iaa iam ib +ibmcloud idempotence +idms idp iframe ignoredifferences @@ -402,10 +426,13 @@ iio iiuc ilkka im +imagedata imagepullpolicy imageregistry imagesdir imageserver +imageset +imagesetconfiguration imagestream img inferencing 
@@ -414,6 +441,7 @@ informa informat informati informatio +infraid infraprovider ingester ingressgateway @@ -445,6 +473,7 @@ isnicup isr istio istio's +itms iz jaeger jboss @@ -517,6 +546,7 @@ letsencrypt leveloffset lhipbabbledummyhykhq lifecycle +lifecycle's lk llm llms @@ -529,15 +559,19 @@ looks lookups lsv lvm +lvms machineapi machineconfigpool machineconfigs machineset +macos macosx mailto maistra makefile +makefiles managedcluster +managedclusterconditionavailable managedclustergroups managedclusterinfo managedclusters @@ -582,6 +616,7 @@ mq mqtt multicloud multicluster +multisource multisourceconfig musthave mustnothave @@ -590,6 +625,7 @@ mv mycluster mydomain mynamespace +myorg mytest namespace namespaces @@ -609,6 +645,8 @@ nim nlp nodb nodejs +nodepool +nodepools nodeport noobaa nosql @@ -658,9 +696,11 @@ operatorframework operatorgroup operatorgroups operatorhub +operatorsource opr osspa osx +ouput outofsync overcommitting ovms @@ -677,6 +717,7 @@ pathed patternbranch patternrepo patternsh +patternsoperator pbivukilnpoe pci pem @@ -722,6 +763,7 @@ psql pstools pubkey publickey +pullsecret purpu pushsecret pushsecrets @@ -732,6 +774,7 @@ py qat qatlib qe +qfdya ql qna qtgmclkdlnkwcdpvyxarm @@ -761,8 +804,10 @@ repo repolist repo's repos +repourl reranked reranking +resourceversion resync reusability revisiontimestamp @@ -782,6 +827,7 @@ rhpds rhsm rhsmcredential rhvalidatedpatterns +rhvp rickard roadmaps rolename @@ -860,7 +906,11 @@ storageclassname storagecluster stormshift strimzi +sts +subcommand subdirectories +subdirectory +subfolder submodule submoduled submodules @@ -948,6 +998,8 @@ unencrypted unschedulable unsealvault untrusted +updatingconfig +updatingversion upstreaming upstream's ure @@ -981,6 +1033,7 @@ vm vms vnc vnfq +vnkdn vnq vnw vps @@ -1005,13 +1058,16 @@ xeon xeons xlarge xmqtbdb +xnmdr xp xpq xray xraylab xraylabdb xrays +xsubtree xsyyu +xtheirs xxxxxxxx xyz yaml 
diff --git a/content/blog/2024-09-13-using-hypershift.adoc b/content/blog/2024-09-13-using-hypershift.adoc index a4ffe7358..9049e7224 100644 --- a/content/blog/2024-09-13-using-hypershift.adoc +++ b/content/blog/2024-09-13-using-hypershift.adoc @@ -38,7 +38,7 @@ Deploying HyperShift clusters requires the following: |=== -Additonally, you will need: +Additionally, you will need: - An openshift cluster that has the multicluster-engine operator deployed and configured - You are logged into your management cluster with an appropriately credentialed user @@ -236,7 +236,7 @@ oc scale --replicas=2 nodepools/ -n clusters ---- After a few minutes the nodepool will scale up the number of compute resources in the nodepool -[.console-ouput] +[.console-output] [source,bash,subs=attributes+,+macros] ---- NAME CLUSTER DESIRED NODES CURRENT NODES AUTOSCALING AUTOREPAIR VERSION UPDATINGVERSION UPDATINGCONFIG MESSAGE diff --git a/content/blog/2024-09-26-slimming-of-common.adoc b/content/blog/2024-09-26-slimming-of-common.adoc index 0ee9e1195..2b7de3097 100644 --- a/content/blog/2024-09-26-slimming-of-common.adoc +++ b/content/blog/2024-09-26-slimming-of-common.adoc @@ -50,7 +50,7 @@ At this point the pattern's `slimming` branch has the slimmed down version of co Then make sure you are using multisource for the clustergroup chart and use the `0.9.*` chart. -Note that by default, when unspecificed the default clustergroup chart version when using multisource is `0.8.*`. +Note that by default, when unspecified the default clustergroup chart version when using multisource is `0.8.*`. Set the following in `values-global.yaml`: diff --git a/content/blog/2024-10-12-disconnected.adoc b/content/blog/2024-10-12-disconnected.adoc new file mode 100644 index 000000000..e8c1acff0 --- /dev/null +++ b/content/blog/2024-10-12-disconnected.adoc 
@@ -0,0 +1,183 @@
+---
+ date: 2024-10-12
+ title: Validated Patterns in a disconnected Network
+ summary: Install a Validated Pattern on a disconnected network
+ author: Michele Baldessari
+ blog_tags:
+ - patterns
+ - how-to
+---
+:toc:
+
+== Preamble
+
+This document provides a comprehensive guide on how to deploy a Validated
+Pattern, specifically the Multicloud GitOps solution on OpenShift 4.16, onto an
+OpenShift cluster that has been set up in a disconnected network environment. A
+disconnected network, in this context, refers to an infrastructure that is
+isolated from external internet access, which adds additional complexity to the
+deployment process.
+
+By following this guide, you will learn the necessary steps, best practices,
+and specific configurations required to successfully deploy Multicloud GitOps
+in such an environment. We will cover the prerequisite setup, key components
+involved, and how to manage the constraints posed by the lack of direct
+connectivity to external repositories and services. This ensures that even in a
+restricted, air-gapped network, the deployment of this validated pattern can be
+performed smoothly and securely.
+
+
+== Requirements
+
+* One or more openshift clusters deployed in a disconnected network
+* An OCI-compliant registry that is accessible from the disconnected network
+ (referred to as `registry.internal.disconnected.net` in this article)
+* A Git Repository that is accessible from the disconnected network
+* (Optional) A VM in the disconnected network where we run our commands
+
+We won’t cover here how to deploy openshift in a disconnected network, as there
+is more detailed documentation that can be found
+https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/disconnected_environments/index#about-installing-oc-mirror-v2[here]
+
+== Mirroring
+
+The first step needed to deploy a pattern is mirroring all the needed images.
+In most cases this is a very pattern-dependent process, so the exact list of
+needed images will depend on the pattern, on the openshift version and on the
+needed operators.
+
+In this example we use the tool `oc mirror --v2` (note: it is currently in tech
+preview, but the experience is superior compared to the previous release). Here
+is an example of such a configuration file `imageset-config.yaml`:
+
+[source,yaml]
+----
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v2alpha1
+mirror:
+ platform:
+ graph: true
+ channels:
+ - name: stable-4.16
+ type: ocp
+ operators:
+ - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.16
+ packages:
+ - name: lvms-operator
+ - name: advanced-cluster-management
+ channels:
+ - name: release-2.11
+ - name: multicluster-engine
+ channels:
+ - name: stable-2.6
+ - name: openshift-gitops-operator
+ channels:
+ - name: gitops-1.13
+ - catalog: registry.redhat.io/redhat/community-operator-index:v4.16
+ packages:
+ - name: patterns-operator
+ additionalImages:
+ - name: registry.redhat.io/ubi9/ubi-minimal:latest
+ - name: registry.connect.redhat.com/hashicorp/vault:1.17.6-ubi
+ - name: registry.access.redhat.com/ubi8/httpd-24:1-226
+ - name: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi
+ - name: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest
+ # VP charts
+ - name: quay.io/hybridcloudpatterns/acm:0.1.3
+ - name: quay.io/hybridcloudpatterns/clustergroup:0.9.5
+ - name: quay.io/hybridcloudpatterns/gitea:0.0.2
+ - name: quay.io/hybridcloudpatterns/golang-external-secrets:0.1.3
+ - name: quay.io/hybridcloudpatterns/hashicorp-vault:0.1.3
+ - name: quay.io/hybridcloudpatterns/utility-container:latest
+ - name: quay.io/hybridcloudpatterns/imperative-container:v1
+ - name: quay.io/hybridcloudpatterns/pattern-install:0.0.3
+ - name: docker.io/gitea/gitea:1.21.11-rootless
+----
+
+We can use this `imageset-config.yaml` file to mirror the needed images on our
+registry. We assume we have a folder (`/var/cache/oc-mirror`) where the tool can
+locally cache the downloaded images before pushing them to the internal
+registry. We copied the imageset-config.yaml in that folder:
+
+[source,sh]
+----
+oc mirror --config=/var/cache/oc-mirror/imageset-config.yaml \
+ --workspace file:///var/cache/oc-mirror/workspace \
+ docker://registry.internal.disconnected.net --v2
+----
+
+Once this command completes the `registry.internal.disconnected` OCI registry
+will contain the mirrored images. The oc mirror command will generate a few
+yaml files that can be found under `/var/cache/oc-mirror/workspace/working-dir/cluster-resources`.
+
+We need to apply them to our cluster:
+
+[source,sh]
+----
+cd /var/cache/oc-mirror/workspace/working-dir/cluster-resources
+oc apply -f cs-community-operator-index-v4-16.yaml \
+ cs-redhat-operator-index-v4-16.yaml idms-oc-mirror.yaml \
+ itms-oc-mirror.yaml
+----
+
+Once these are applied the cluster will be able to fetch the images from the
+internal disconnected registry.
+
+== Git repository changes
+
+Note that we assume here that the git folder you are working on has the
+`origin` remote pointing to the disconnected git server where you will be
+cloning the pattern from. To verify to which git server a remote is pointing to
+you can run the `git remote -v` command.
+
+We will need to tweak a couple of things so that the pattern is aware of which
+catalog sources in openshift contain the different images. Those names were
+defined in the previous mirroring step in the yaml files under
+`/var/cache/oc-mirror/workspace/working-dir/cluster-resources`.
+
+`values-global.yaml`:
+[source,yaml]
+----
+main:
+ multiSourceConfig:
+ enabled: true
+ clusterGroupChartVersion: "0.9.*"
+ helmRepoUrl: registry.internal.disconnected.net/hybridcloudpatterns
+ patternsOperator:
+ source: cs-community-operator-index-v4-16
+ gitops:
+ operatorSource: cs-redhat-operator-index-v4-16
+----
+
+`values-hub.yaml`:
+[source,yaml]
+----
+acm:
+ mce_operator:
+ source: cs-redhat-operator-index-v4-16
+
+clusterGroup:
+ subscriptions:
+ acm:
+ name: advanced-cluster-management
+ namespace: open-cluster-management
+ channel: release-2.11
+ source: cs-redhat-operator-index-v4-16
+----
+
+== Deploy the pattern
+
+At this point we can clone Multicloud Gitops on to a VM that lives in the
+disconnected network and deploy the pattern. The only thing we need to do first
+is to point the installation script to the mirrored helm chart inside the
+disconnected registry.
+
+[source,sh]
+----
+# Points to the mirrored VP install chart
+export PATTERN_DISCONNECTED_HOME=registry.internal.disconnected.net/hybridcloudpatterns
+./pattern.sh make install
+----
+
+After a while the cluster will converge to its desired final state and the
+MultiCloud Gitops pattern will be installed successfully.