$ sudo ./mirror-registry install \
--quayHostname <host_example_com> \
--quayRoot <example_directory_name>
The mirror registry for Red Hat OpenShift is a small and streamlined container registry that you can use as a target for mirroring the required container images of OpenShift Container Platform for disconnected installations.
If you already have a container image registry, such as Red Hat Quay, you can skip this section and go straight to Mirroring the OpenShift Container Platform image repository.
An OpenShift Container Platform subscription.
Red Hat Enterprise Linux (RHEL) 8 with Podman 3.3 installed.
Fully qualified domain name for the Red Hat Quay service, which must resolve through a DNS server.
Passwordless sudo
access on the target host.
Key-based SSH connectivity on the target host. SSH keys are automatically generated for local installs. For remote hosts, you must generate your own SSH keys.
2 or more vCPUs.
8 GB of RAM.
About 12 GB for OpenShift Container Platform 4.11 release images, or about 358 GB for OpenShift Container Platform 4.11 release images and OpenShift Container Platform 4.11 Red Hat Operator images. Up to 1 TB per stream or more is suggested.
These requirements are based on local testing results with only release images and Operator images. Storage requirements can vary based on your organization’s needs. You might require more space, for example, when you mirror multiple z-streams. You can use standard Red Hat Quay functionality to remove unnecessary images and free up space. |
For disconnected deployments of OpenShift Container Platform, a container registry is required to carry out the installation of the clusters. To run a production-grade registry service on such a cluster, you must create a separate registry deployment to install the first cluster. The mirror registry for Red Hat OpenShift addresses this need and is included in every OpenShift subscription. It is available for download on the OpenShift console Downloads page.
The mirror registry for Red Hat OpenShift allows users to install a small-scale version of Red Hat Quay and its required components using the mirror-registry
command line interface (CLI) tool. The mirror registry for Red Hat OpenShift is deployed automatically with pre-configured local storage and a local database. It also includes auto-generated user credentials and access permissions with a single set of inputs and no additional configuration choices to get started.
The mirror registry for Red Hat OpenShift provides a pre-determined network configuration and reports deployed component credentials and access URLs upon success. A limited set of optional configuration inputs like fully qualified domain name (FQDN) services, superuser name and password, and custom TLS certificates are also provided. This provides users with a container registry so that they can easily create an offline mirror of all OpenShift Container Platform release content when running OpenShift Container Platform in restricted network environments.
The mirror registry for Red Hat OpenShift is limited to hosting images that are required to install a disconnected OpenShift Container Platform cluster, such as Release images or Red Hat Operator images. It uses local storage on your Red Hat Enterprise Linux (RHEL) machine, and storage supported by RHEL is supported by the mirror registry for Red Hat OpenShift. Content built by customers should not be hosted by the mirror registry for Red Hat OpenShift.
Unlike Red Hat Quay, the mirror registry for Red Hat OpenShift is not a highly-available registry and only local file system storage is supported. Using the mirror registry for Red Hat OpenShift with more than one cluster is discouraged, because multiple clusters can create a single point of failure when updating your cluster fleet. It is advised to leverage the mirror registry for Red Hat OpenShift to install a cluster that can host a production-grade, highly-available registry such as Red Hat Quay, which can serve OpenShift Container Platform content to other clusters.
Use of the mirror registry for Red Hat OpenShift is optional if another container registry is already available in the install environment.
This procedure explains how to install the mirror registry for Red Hat OpenShift on a local host using the mirror-registry
installer tool. By doing so, users can create a local host registry running on port 443 for the purpose of storing a mirror of OpenShift Container Platform images.
Installing the mirror registry for Red Hat OpenShift using the |
Download the mirror-registry.tar.gz
package for the latest version of the mirror registry for Red Hat OpenShift found on the OpenShift console Downloads page.
Install the mirror registry for Red Hat OpenShift on your local host with your current user account by using the mirror-registry
tool. For a full list of available flags, see "mirror registry for Red Hat OpenShift flags".
$ sudo ./mirror-registry install \
--quayHostname <host_example_com> \
--quayRoot <example_directory_name>
Use the user name and password generated during installation to log into the registry by running the following command:
$ podman login -u init \
-p <password> \
<host_example_com>:8443> \
--tls-verify=false (1)
1 | You can avoid running --tls-verify=false by configuring your system to trust the generated rootCA certificates. See "Using SSL to protect connections to Red Hat Quay" and "Configuring the system to trust the certificate authority" for more information. |
You can also log in by accessing the UI at |
You can mirror OpenShift Container Platform images after logging in. Depending on your needs, see either the "Mirroring the OpenShift Container Platform image repository" or the "Mirroring Operator catalogs for use with disconnected clusters" sections of this document.
If there are issues with images stored by the mirror registry for Red Hat OpenShift due to storage layer problems, you can remirror the OpenShift Container Platform images, or reinstall mirror registry on more stable storage. |
This procedure explains how to update the mirror registry for Red Hat OpenShift from a local host using the upgrade
command. Updating to the latest version ensures bug fixes and security vulnerability fixes.
When updating, there is intermittent downtime of your mirror registry, as it is restarted during the update process. |
You have installed the mirror registry for Red Hat OpenShift on a local host.
To upgrade the mirror registry for Red Hat OpenShift from localhost, enter the following command:
$ sudo ./mirror-registry upgrade -v
Users who upgrade the mirror registry for Red Hat OpenShift with the |
This procedure explains how to install the mirror registry for Red Hat OpenShift on a remote host using the mirror-registry
tool. By doing so, users can create a registry to hold a mirror of OpenShift Container Platform images.
Installing the mirror registry for Red Hat OpenShift using the |
Download the mirror-registry.tar.gz
package for the latest version of the mirror registry for Red Hat OpenShift found on the OpenShift console Downloads page.
Install the mirror registry for Red Hat OpenShift on your local host with your current user account by using the mirror-registry
tool. For a full list of available flags, see "mirror registry for Red Hat OpenShift flags".
$ sudo ./mirror-registry install -v \
--targetHostname <host_example_com> \
--targetUsername <example_user> \
-k ~/.ssh/my_ssh_key \
--quayHostname <host_example_com> \
--quayRoot <example_directory_name>
Use the user name and password generated during installation to log into the mirror registry by running the following command:
$ podman login -u init \
-p <password> \
<host_example_com>:8443> \
--tls-verify=false (1)
1 | You can avoid running --tls-verify=false by configuring your system to trust the generated rootCA certificates. See "Using SSL to protect connections to Red Hat Quay" and "Configuring the system to trust the certificate authority" for more information. |
You can also log in by accessing the UI at |
You can mirror OpenShift Container Platform images after logging in. Depending on your needs, see either the "Mirroring the OpenShift Container Platform image repository" or the "Mirroring Operator catalogs for use with disconnected clusters" sections of this document.
If there are issues with images stored by the mirror registry for Red Hat OpenShift due to storage layer problems, you can remirror the OpenShift Container Platform images, or reinstall mirror registry on more stable storage. |
This procedure explains how to update the mirror registry for Red Hat OpenShift from a remote host using the upgrade
command. Updating to the latest version ensures bug fixes and security vulnerability fixes.
When updating, there is intermittent downtime of your mirror registry, as it is restarted during the update process. |
You have installed the mirror registry for Red Hat OpenShift on a remote host.
To upgrade the mirror registry for Red Hat OpenShift from a remote host, enter the following command:
$ sudo ./mirror-registry upgrade -v --targetHostname <remote_host_url> --targetUsername <user_name> -k ~/.ssh/my_ssh_key
Users who upgrade the mirror registry for Red Hat OpenShift with the |
You can uninstall the mirror registry for Red Hat OpenShift from your local host by running the following command:
$ sudo ./mirror-registry uninstall -v \
--quayRoot <example_directory_name>
|
The following flags are available for the mirror registry for Red Hat OpenShift:
Flags | Description |
---|---|
|
A boolean value that disables interactive prompts. If set to |
|
The password of the init user created during Quay installation. Must be at leas |