From 2097e129b0778bb578c861c36ef5c601006e77dc Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 12 Feb 2026 09:16:35 +0100 Subject: [PATCH] Disconnected doc section Instead of pointing folks to a random blog post let's add a proper disconnected section to our docs --- content/learn/disconnected-installation.adoc | 185 +++++++++++++++++++ content/learn/quickstart.adoc | 2 +- 2 files changed, 186 insertions(+), 1 deletion(-) create mode 100644 content/learn/disconnected-installation.adoc diff --git a/content/learn/disconnected-installation.adoc b/content/learn/disconnected-installation.adoc new file mode 100644 index 000000000..8d99b1d97 --- /dev/null +++ b/content/learn/disconnected-installation.adoc @@ -0,0 +1,185 @@ +--- +menu: + learn: + parent: Patterns quick start +title: Deploying in a disconnected network +weight: 22 +aliases: /learn/disconnected-installation/ +--- + +:toc: +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +[id="disconnected-installation"] += Deploy a validated pattern in a disconnected network + +A disconnected network is an infrastructure isolated from external internet access. +Deploying {solution-name-upstream} in this environment requires mirroring container images, configuring internal registries, and adjusting pattern configuration files. + +This guide describes deploying the {mcg-pattern} on {ocp} 4.19 in a disconnected network. +The same approach applies to other validated patterns, although the required images and Operators vary by pattern. + +.Prerequisites + +* One or more {ocp} clusters deployed in a disconnected network. +* An OCI-compliant registry accessible from the disconnected network, referred to as `registry.internal.disconnected.net` in this guide. +* A Git repository accessible from the disconnected network. +* (Optional) A virtual machine (VM) in the disconnected network to run commands. + +[NOTE] +==== +Deploying {ocp} in a disconnected network is outside the scope of this guide. For details, see the link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/disconnected_environments/index#about-installing-oc-mirror-v2[{ocp} disconnected environments documentation] for details. +==== + +[id="mirror-images"] +== 1. Mirror required container images to an internal registry + +Mirror all required container images to the internal registry. +The specific images you mirror depend on the pattern, the {ocp} version, and the required Operators. The example here mirrors images for the Multicloud GitOps pattern. + +.Procedure + +. Create an `imageset-config.yaml` file that lists the required platform images, Operators, and additional images: ++ +[source,yaml] +---- +kind: ImageSetConfiguration +apiVersion: mirror.openshift.io/v2alpha1 +mirror: + platform: + graph: true + channels: + - name: stable-4.19 + type: ocp + operators: + - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.19 + packages: + - name: lvms-operator + - name: advanced-cluster-management + channels: + - name: release-2.14 + - name: openshift-external-secrets-operator + channels: + - name: stable-v1 + - name: multicluster-engine + channels: + - name: stable-2.9 + - name: openshift-gitops-operator + channels: + - name: gitops-1.19 + - catalog: registry.redhat.io/redhat/community-operator-index:v4.19 + packages: + - name: patterns-operator + additionalImages: + - name: registry.redhat.io/ubi9/ubi-minimal:latest + - name: registry.connect.redhat.com/hashicorp/vault:1.20.2-ubi + - name: registry.access.redhat.com/ubi8/httpd-24:10.0-1755779646 + - name: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi + # Validated Patterns Helm charts + - name: quay.io/validatedpatterns/acm:0.1.17 + - name: quay.io/validatedpatterns/clustergroup:0.9.41 + - name: quay.io/validatedpatterns/gitea:0.0.3 + - name: quay.io/validatedpatterns/golang-external-secrets:0.1.5 + - name: quay.io/validatedpatterns/openshift-external-secrets:0.0.3 + - name: quay.io/validatedpatterns/hashicorp-vault:0.1.6 + - name: quay.io/validatedpatterns/utility-container:latest + - name: quay.io/validatedpatterns/imperative-container:v1 + - name: quay.io/validatedpatterns/pattern-install:0.0.11 + - name: docker.io/gitea/gitea:1.22.6-rootless +---- + +. Run the mirror command and specify a local cache directory and the target registry: ++ +[source,terminal] +---- +oc mirror --config=/var/cache/oc-mirror/imageset-config.yaml \ + --workspace file:///var/cache/oc-mirror/workspace \ + docker://registry.internal.disconnected.net --v2 <1> +---- +<1> The example uses the `--v2` flag to mirror images. ++ +When mirroring completes, `oc mirror` generates resource files in the `/var/cache/oc-mirror/workspace/working-dir/cluster-resources` directory. + +. Apply the generated resource files to the cluster so that the cluster can resolve images from the internal registry: ++ +[source,terminal] +---- +cd /var/cache/oc-mirror/workspace/working-dir/cluster-resources +oc apply -f cs-community-operator-index-v4-19.yaml \ + cs-redhat-operator-index-v4-19.yaml idms-oc-mirror.yaml \ + itms-oc-mirror.yaml +---- ++ +[IMPORTANT] +==== +The catalog source names generated by the `oc mirror` command, such as `cs-redhat-operator-index-v4-19`, are required to configure the pattern values files. Do not change these names. +==== + +[id="configure-pattern"] +== 2. Configure the pattern for disconnected use + +Update the pattern values files to reference the mirrored catalog sources and the internal Helm chart registry. +Verify that the `origin` remote for the local Git clone points to the disconnected Git server by running the `git remote -v` command. + +.Procedure + +. In the `values-global.yaml` file, point the Helm chart repository to the internal registry and configure operator sources: ++ +[source,yaml] +---- +main: + multiSourceConfig: + enabled: true + clusterGroupChartVersion: "0.9.*" + helmRepoUrl: registry.internal.disconnected.net/validatedpatterns + patternsOperator: + source: cs-community-operator-index-v4-19 <1> + gitops: + operatorSource: cs-redhat-operator-index-v4-19 <1> +---- +<1> The catalog source names must match the generated catalog sources from the `oc mirror` command. + +. In the `values-hub.yaml` file, configure operator sources for hub-specific components: ++ +[source,yaml] +---- +acm: + mce_operator: + source: cs-redhat-operator-index-v4-19 + +clusterGroup: + subscriptions: + acm: + name: advanced-cluster-management + namespace: open-cluster-management + channel: release-2.14 + source: cs-redhat-operator-index-v4-19 +---- + +. Commit and push these changes to the disconnected Git server. + +[id="deploy-pattern"] +== 3. Deploy the pattern + +After mirroring images and configuring the pattern, deploy the pattern from a machine that has access to the disconnected cluster and the Git repository. + +.Procedure + +* Point the installation program to the mirrored Helm chart registry and deploy the pattern: ++ +[source,terminal] +---- +export PATTERN_DISCONNECTED_HOME=registry.internal.disconnected.net/validatedpatterns +./pattern.sh make install +---- ++ +The cluster converges to the specified state and the pattern installs. + +== Adapting this guide for other patterns + +When deploying a different pattern in a disconnected network: + +* Identify all Operators required by the pattern and add them to the Operators list in the `imageset-config.yaml` file. +* Identify all additional container images referenced by the pattern Helm charts and add them to the `additionalImages` list. +* Update the `values-global.yaml`, `values-hub.yaml`, and site-specific values files to reference the correct catalog source names for operator subscriptions. diff --git a/content/learn/quickstart.adoc b/content/learn/quickstart.adoc index 64d2f68c8..40200ac33 100644 --- a/content/learn/quickstart.adoc +++ b/content/learn/quickstart.adoc @@ -55,5 +55,5 @@ Before beginning, ensure you have the following: * An OCI-compliant registry that is accessible from the disconnected network * A Git Repository that is accessible from the disconnected network -For more information on disconnected installation, see link:/blog/2024-10-12-disconnected/[Validated Patterns in a disconnected Network]. +For more information on disconnected installation, see link:/learn/disconnected-installation/[Deploying in a disconnected network].