You might need to install the identity configuration management for Kubernetes operator on Red Hat OpenShift Container Platform clusters that are not connected to the Internet. The procedure to install on a disconnected environment requires some of the same steps as the connected installation.
You must download copies of the packages to access them during the installation, rather than accessing them directly from the network during the installation.
Note
|
Upgrades are not supported from identity configuration management for Kubernetes v0.1.0. If you have v0.1.0 installed, you will need to uninstall it before installing v0.2.0 or higher. |
Prerequisites
You must meet the following requirements before you install the identity configuration management for Kubernetes operator:
-
Red Hat OpenShift Container Platform version 4.8.12 or later must be deployed in your environment, and you must be logged in with the command line interface (CLI).
-
You need access to the catalog.redhat.com.
Note: For managing bare metal clusters, you must have OpenShift Container Platform version 4.8.12 or later.
-
Your Red Hat OpenShift Container Platform CLI must be version 4.8 or later, and configured to run
oc
commands. See Getting started with the CLI for information about installing and configuring the Red Hat OpenShift CLI. -
Your Red Hat OpenShift Container Platform permissions must allow you to create a namespace.
-
You must have a workstation with Internet connection to download the dependencies for the operator.
Confirm your OpenShift Container Platform installation
-
You must have a supported OpenShift Container Platform version, including the registry and storage services, installed and working in your cluster. For information about OpenShift Container Platform version 4.8, see OpenShift Container Platform Documentation.
-
When and if you are connected, you can ensure that the OpenShift Container Platform cluster is set up correctly. Access the OpenShift Container Platform web console.
Run the
kubectl -n openshift-console get route
command to access the OpenShift Container Platform web console. See the following example output:openshift-console console console-openshift-console.apps.new-coral.purple-chesterfield.com console https reencrypt/Redirect None
The console URL in this example is:
https:// console-openshift-console.apps.new-coral.purple-chesterfield.com
. Open the URL in your browser and check the result.If the console URL displays
console-openshift-console.router.default.svc.cluster.local
, set the value foropenshift_master_default_subdomain
when you install OpenShift Container Platform.
See Sizing your cluster to learn about setting up capacity for your operator.
Installing in a disconnected environment
Important: You need to download the required images to a mirroring registry to install the operators in a disconnected environment. Without the download, you might receive ImagePullBackOff
errors during your deployment.
Follow these steps to install the identity configuration management for Kubernetes operator in a disconnected environment:
-
Create a mirror registry. If you do not already have a mirror registry, create one by completing the procedure in the Mirroring images for a disconnected installation topic of the Red Hat OpenShift Container Platform documentation.
If you already have a mirror registry, you can configure and use your existing one.
-
Create a YAML file that contains the
ImageContentSourcePolicy
with the nameidp-mgmt-config-policy.yaml
. Note: If you modify this on a running cluster, it causes a rolling restart of all nodes.apiVersion: operator.openshift.io/v1alpha1 kind: ImageContentSourcePolicy metadata: name: identity-config spec: repositoryDigestMirrors: - mirrors: - mirror.registry.com:5000/identity-config source: registry.redhat.io/identity-config
-
Apply the ImageContentSourcePolicy file by entering the following command:
oc apply -f idp-mgmt-config-policy.yaml
-
Enable the disconnected Operator Lifecycle Manager Red Hat Operators and Community Operators.
the identity configuration management for Kubernetes operator is included in the Operator Lifecycle Manager Red Hat Operator catalog.
-
Configure the disconnected Operator Lifecycle Manager for the Red Hat Operator catalog. Follow the steps in the https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/operators/administrator-tasks# Operator Lifecycle Manager-restricted-networks[Using Operator Lifecycle Manager on restricted networks] topic of the Red Hat OpenShift Container Platform documentation.
-
Now that you have the image in the disconnected Operator Lifecycle Manager, continue to install the identity configuration management for Kubernetes operator for Kubernetes from the Operator Lifecycle Manager catalog.
See Installing while connected online for the required steps.