Deploying a Red Hat OpenShift operator in an online environment is a breeze! OpenShift will simply pull the required images from public registries, and voila, we're good to use it without any hassle.
However, the game changes when we're working in a disconnected environment. For most customers, keeping their servers off the internet is a top priority due to security concerns. Suddenly, deploying an OpenShift operator becomes more intricate and we can't rely on public registries anymore. Instead, we need to gather all the necessary container images and make sure they're available within our disconnected environment. Only then can we successfully deploy an operator on OpenShift.
Using oc-mirror in a typical environment
When deploying the OpenShift operators in a disconnected environment, one of the first steps is to mirror images from Red Hat’s public registries to a private registry. The oc-mirror plug-in is commonly used for this and requires an ImageSetConfiguration file detailing the catalogs’ and operators' names, channels, and versions used in the disconnected environment.
One of the challenges with using oc-mirror is the time-consuming nature of collecting information for multiple operators, especially considering that the command needs to be run 2-3 times per operator. It makes the process cumbersome for system administrators, and repetitive tasks like this can be tedious and prone to errors. Although this process can be improved with automation, it is not always feasible to take the required time when we have deadlines to meet.
In this article, we'll explore an alternative approach to gathering this information efficiently without relying on oc-mirror. By leveraging some simple shell scripts, we will demonstrate how to automate this task effectively, enabling system administrators to save time and improve efficiency in their deployment workflows. Let's dive in and explore how to simplify collecting the OpenShift operator information through scripting.
What I mean by time-consuming using oc-mirror
Before we jump into the benefits of scripting for speeding up tasks, let's first explore why using oc-mirror plug-in to find details about the OpenShift operator can be quite time-consuming.
Consider the task of gathering information about the advanced-cluster-management operator. Since we will only ever use one version at a time, mirroring all versions of the channel is unnecessary. Therefore, we need to pinpoint the release version for a specific channel.
Confirm the operator is part of the Red Hat catalog’s operator:
$ time oc-mirror list operators --catalog registry.redhat.io/redhat/redhat-operator-index:v4.15 |grep advanced-cluster-managementOutput:
advanced-cluster-management Advanced Cluster Management for Kubernetes release-2.10 real 1m7.263sList all available channels in a package:
$ time oc-mirror list operators --catalog registry.redhat.io/redhat/redhat-operator-index:v4.15 --package advanced-cluster-managementOutput:
NAME DISPLAY NAME DEFAULT CHANNEL advanced-cluster-management Advanced Cluster Management for Kubernetes release-2.10 PACKAGE CHANNEL HEAD advanced-cluster-management release-2.10 advanced-cluster-management.v2.10.3 advanced-cluster-management release-2.9 advanced-cluster-management.v2.9.4 real 1m5.233sList all available versions in a channel:
$ time oc-mirror list operators --catalog registry.redhat.io/redhat/redhat-operator-index:v4.15 --package advanced-cluster-management --channel release-2.10Output:
VERSIONS 2.10.0 2.10.1 2.10.2 2.10.3 real 1m2.604s
I included the time command to demonstrate the duration of running the oc-mirror plug-in command. Each of the three commands takes over three minutes to produce output. When multiplied by the number of operators requiring mirroring, there is clearly a need to develop a faster method for gathering operator information to configure the ImageSetConfiguration file required by the oc-mirror plugin.
Introducing a faster method
Since OpenShift v4.11, file-based catalogs have emerged as the latest iteration of the catalog format in Operator Lifecycle Manager (OLM). This format, characterized by plain file-based JSON files, represents a major evolution towards a declarative configuration compared to the earlier SQLite database format, making the process of extracting information from image catalogs remarkably more straight-forward
To retrieve an operator’s information, we simply need to copy it from the image catalog operators’ folder to a local drive. Within that directory lies one or multiple files of all the operators delivered with that specific catalog. It is facilitating the access to the operators’ data. Below is an example illustrating the process of copying the operator’s directory from the Red Hat operator catalog’s image.
Make sure you have the latest version of the Red Hat catalog’s operator:
$ podman pull registry.redhat.io/redhat/redhat-operator-index:v4.15Find the directory that contains all the operators' definition:
$ podman inspect --format '{{index .Config.Labels "operators.operatorframework.io.index.configs.v1"}}' registry.redhat.io/redhat/redhat-operator-index:v4.15Output:
/configsRun the catalog container using Podman:
$ podman run -d --name redhat-catalog registry.redhat.io/redhat/redhat-operator-index:v4.15Copy the configs directory to a local disk:
$ podman cp redhat-catalog:/configs . $ cd configs $ ls -ltOutput:
drwxr-xr-x 2 admin admin 26 Jun 3 15:22 3scale-operator drwxr-xr-x 2 admin admin 179 Jun 13 13:05 advanced-cluster-management drwxr-xr-x 2 admin admin 26 Jun 3 15:22 amq7-interconnect-operator drwxr-xr-x 2 admin admin 26 Jun 3 15:22 amq-broker-rhel8 drwxr-xr-x 2 admin admin 26 Jun 3 15:22 amq-online drwxr-xr-x 2 admin admin 26 Jun 3 15:22 amq-streams drwxr-xr-x 2 admin admin 26 Jun 3 15:22 ansible-automation-platform-operator drwxr-xr-x 2 admin admin 26 Jun 3 15:22 ansible-cloud-addons-operator drwxr-xr-x 2 admin admin 26 Jun 3 15:22 apicast-operator drwxr-xr-x 2 admin admin 26 Jun 3 15:22 authorino-operator drwxr-xr-x 2 admin admin 26 Jun 3 15:22 aws-efs-csi-driver-operator … … …Stop the container since we don’t need it anymore:
$ podman stop redhat-catalogRemove the container:
$ podman rm redhat-catalog
Collecting the operator’s details using the operator's catalog.json files
Once the operator’s details are collected, we will find one or multiple YAML file(s) in the directory. The file(s) serve as a comprehensive repository of all the essential details about the operator.
In this example, the directory has one sub-directory for each operator. To extract specific information from the catalog.json file, such as advanced-cluster-management, we can leverage tools like the jq command to filter the data efficiently since the file is in JSON format. This streamlined approach simplifies the process of extracting OpenShift operator information, enhancing efficiency and enabling seamless integration into deployment workflows.
We can extract information from the config.json file using jq command
Get the operator's name:
$ jq -cs . advanced-cluster-management/catalog.json |jq .[0].nameOutput:
"advanced-cluster-management"- Get all the operator release version(s) for the default channel:
Get the operator default channel:
$ time OPDEFCHAN=$(jq -cs . advanced-cluster-management/catalog.json |jq .[0].defaultChannel)Output:
real 0m0.061sShow the content of the OPDEFCHAN variable:
$ echo $OPDEFCHANOutput:
"release-2.10"Get the operator releases:
$ time OPRELEASE=$(jq -cs . advanced-cluster-management/catalog.json |jq ".[] |select(.name==$OPDEFCHAN)"|jq .entries[].name)Output:
real 0m0.063sShow the content of the OPRELEASE variable:
$ echo $OPRELEASEOutput:
"advanced-cluster-management.v2.10.0" "advanced-cluster-management.v2.10.1" "advanced-cluster-management.v2.10.2" "advanced-cluster-management.v2.10.3"
Get the names of the operator releases:
$ VERSION="" $ time for release in ${OPRELEASE[@]}; do export release=$(echo $release|tr -d "\""); VERSION="$VERSION $(jq -cs . advanced-cluster-management/catalog.json |jq -r --arg n "$release" '.[]|select(.name == $n)'|jq '.properties[] |select(.type=="olm.package")'|jq .value.version)";doneOutput:
real 0m0.276sShow the content of the VERSION variable:
$ echo $VERSIONOutput:
"2.10.0" "2.10.1" "2.10.2" "2.10.3" "2.10.0" "2.10.1" "2.10.2" "2.10.3"Get the last value from the
$VERSIONarray:$ echo $(echo $VERSION|awk '{print $NF}')Output:
"2.10.3"
Conclusion
In conclusion, we've seen how even with minimal scripting knowledge, we can develop a script to streamline the process of gathering information on desired operators within OpenShift. By looping through these operators, we collect their respective channels and release data. It is worth noting that all default operator catalogs provided by Red Hat adhere to the same file-based format, which simplifies the scripting process.
The benefits of scripting and automating our routine tasks are obvious. By scripting the collection of OpenShift operators, we not only save time but also enhance the efficiency of adding operators to our ImageSetConfiguration configuration file. This streamlined approach not only simplifies our workflows but also contributes to greater agility and scalability in managing our OpenShift environments.
References
OpenShift documentation: https://docs.openshift.com
