diff --git a/ibm/mas_devops/common_tasks/detect_airgap.yml b/ibm/mas_devops/common_tasks/detect_airgap.yml index f58e883a1e..92770a5423 100644 --- a/ibm/mas_devops/common_tasks/detect_airgap.yml +++ b/ibm/mas_devops/common_tasks/detect_airgap.yml @@ -18,11 +18,21 @@ - mas.ibm.com/idmsContent=ibm register: idms_lookup +# 3. Look for the new aiservice IDMS +# ----------------------------------------------------------------------------- +- name: "detect-airgap : Look for the MAS ImageDigestMirrorSet" + kubernetes.core.k8s_info: + api_version: config.openshift.io/v1 + kind: ImageDigestMirrorSet + label_selectors: + - aiservice.ibm.com/idmsContent=ibm + register: aiservice_idms_lookup + # 3. Set the airgap boolena and print debug # ----------------------------------------------------------------------------- - name: "detect-airgap : Set airgap_install property" set_fact: - airgap_install: "{{ idms_lookup.resources | length == 1 | bool }}" + airgap_install: "{{ ( idms_lookup.resources | length == 1 or aiservice_idms_lookup.resources | length == 1 ) | bool }}" - name: "detect-airgap : Debug Airgap detection" debug: diff --git a/ibm/mas_devops/roles/aiservice_odh/tasks/authorino-operator.yml b/ibm/mas_devops/roles/aiservice_odh/tasks/authorino-operator.yml index a79ef9cbd0..f70778046b 100644 --- a/ibm/mas_devops/roles/aiservice_odh/tasks/authorino-operator.yml +++ b/ibm/mas_devops/roles/aiservice_odh/tasks/authorino-operator.yml @@ -1,12 +1,35 @@ --- + +- name: Get authorino operator package manifest + kubernetes.core.k8s_info: + api_version: packages.operators.coreos.com/v1 + kind: PackageManifest + name: authorino-operator + namespace: openshift-marketplace # Note: A namespace must be provided when calling packages.operators.coreos.com/v1 + register: authorino_operator_manifest + +- name: Assert that PackageManifest exists + ansible.builtin.assert: + that: + - authorino_operator_manifest is defined + - authorino_operator_manifest.resources is defined + - authorino_operator_manifest.resources | length == 1 + fail_msg: "PackageManifest not found: authorino-operator" + +- name: Set the subscription information + set_fact: + authorino_operator_source: "{{ authorino_operator_manifest.resources[0].status.catalogSource }}" + authorino_operator_source_namespace: "{{ authorino_operator_manifest.resources[0].status.catalogSourceNamespace }}" + authorino_operator_default_channel: "{{ authorino_operator_manifest.resources[0].status.defaultChannel }}" + # 1. Install Operator & create entitlement openshift-authorino # ----------------------------------------------------------------------------- - name: "Install Openshift authorino Operator" ibm.mas_devops.apply_subscription: namespace: "{{ openshift_namespace }}" package_name: "authorino-operator" - package_channel: "{{ serverless_channel }}" # This looks wrong, but that's what was in the original template - catalog_source: "{{ authorino_catalog_source }}" + package_channel: "{{ authorino_operator_default_channel }}" + catalog_source: "{{ authorino_operator_source }}" register: subscription diff --git a/ibm/mas_devops/roles/aiservice_odh/tasks/serverless-operator.yml b/ibm/mas_devops/roles/aiservice_odh/tasks/serverless-operator.yml index 3129a789b6..e2598a829f 100644 --- a/ibm/mas_devops/roles/aiservice_odh/tasks/serverless-operator.yml +++ b/ibm/mas_devops/roles/aiservice_odh/tasks/serverless-operator.yml @@ -1,9 +1,32 @@ --- +- name: Get servless operator package manifest + kubernetes.core.k8s_info: + api_version: packages.operators.coreos.com/v1 + kind: PackageManifest + name: serverless-operator + namespace: openshift-marketplace # Note: A namespace must be provided when calling packages.operators.coreos.com/v1 + register: serverless_operator_manifest + +- name: Assert that PackageManifest exists + ansible.builtin.assert: + that: + - serverless_operator_manifest is defined + - serverless_operator_manifest.resources is defined + - serverless_operator_manifest.resources | length == 1 + fail_msg: "PackageManifest not found: serverless-operator" + +- name: Set the subscription information + set_fact: + serverless_operator_source: "{{ serverless_operator_manifest.resources[0].status.catalogSource }}" + serverless_operator_source_namespace: "{{ serverless_operator_manifest.resources[0].status.catalogSourceNamespace }}" + serverless_operator_default_channel: "{{ serverless_operator_manifest.resources[0].status.defaultChannel }}" + +# 1. Install Operator & create entitlement serverless +# ----------------------------------------------------------------------------- - name: "install : Create Serverless Subscription" ibm.mas_devops.apply_subscription: - namespace: openshift-serverless - package_name: serverless-operator - package_channel: stable - catalog_source: redhat-operators - catalog_source_namespace: openshift-marketplace + namespace: "{{ serverless_namespace }}" + package_name: "serverless-operator" + package_channel: "{{ serverless_operator_default_channel }}" + catalog_source: "{{ serverless_operator_source }}" register: serverless_subscription diff --git a/ibm/mas_devops/roles/aiservice_odh/tasks/servicemesh-operator.yml b/ibm/mas_devops/roles/aiservice_odh/tasks/servicemesh-operator.yml index ff24d1d241..8539fbcff1 100644 --- a/ibm/mas_devops/roles/aiservice_odh/tasks/servicemesh-operator.yml +++ b/ibm/mas_devops/roles/aiservice_odh/tasks/servicemesh-operator.yml @@ -1,12 +1,35 @@ --- + +- name: Get service mesh operator package manifest + kubernetes.core.k8s_info: + api_version: packages.operators.coreos.com/v1 + kind: PackageManifest + name: servicemeshoperator + namespace: openshift-marketplace # Note: A namespace must be provided when calling packages.operators.coreos.com/v1 + register: service_mesh_operator_manifest + +- name: Assert that PackageManifest exists + ansible.builtin.assert: + that: + - service_mesh_operator_manifest is defined + - service_mesh_operator_manifest.resources is defined + - service_mesh_operator_manifest.resources | length == 1 + fail_msg: "PackageManifest not found: servicemeshoperator" + +- name: Set the subscription information + set_fact: + service_mesh_operator_source: "{{ service_mesh_operator_manifest.resources[0].status.catalogSource }}" + service_mesh_operator_source_namespace: "{{ service_mesh_operator_manifest.resources[0].status.catalogSourceNamespace }}" + service_mesh_operator_default_channel: "{{ service_mesh_operator_manifest.resources[0].status.defaultChannel }}" + # 1. Install Operator & create entitlement openshift-service-mesh # ----------------------------------------------------------------------------- - name: "Install Openshift ServiceMesh Operator" ibm.mas_devops.apply_subscription: namespace: "{{ service_mesh_namespace }}" package_name: "servicemeshoperator" - package_channel: "{{ service_mesh_channel }}" - catalog_source: "{{ service_mesh_catalog_source }}" + package_channel: "{{ service_mesh_operator_default_channel }}" + catalog_source: "{{ service_mesh_operator_source }}" register: subscription diff --git a/ibm/mas_devops/roles/minio/defaults/main.yml b/ibm/mas_devops/roles/minio/defaults/main.yml index 1746b12a47..08ad58834e 100644 --- a/ibm/mas_devops/roles/minio/defaults/main.yml +++ b/ibm/mas_devops/roles/minio/defaults/main.yml @@ -23,4 +23,5 @@ minio_namespace: "{{ lookup('env', 'MINIO_NAMESPACE') | default('minio', True) } minio_instance_name: "{{ lookup('env', 'MINIO_INSTANCE_NAME') | default('minio', True) }}" minio_root_user: "{{ lookup('env', 'MINIO_ROOT_USER') | default('minio', True) }}" minio_root_password: "{{ lookup('env', 'MINIO_ROOT_PASSWORD') | default('', True) }}" -minio_version: "quay.io/minio/minio:latest" +# needs to move to catalog +minio_version: "RELEASE.2025-06-13T11-33-47Z" diff --git a/ibm/mas_devops/roles/minio/tasks/main.yml b/ibm/mas_devops/roles/minio/tasks/main.yml index fa3879b88a..fbeef739a3 100644 --- a/ibm/mas_devops/roles/minio/tasks/main.yml +++ b/ibm/mas_devops/roles/minio/tasks/main.yml @@ -6,6 +6,17 @@ # ----------------------------------------------------------------------------- - include_tasks: tasks/determine-storage-classes.yml +- name: Load minio defaults + include_vars: + file: "{{ role_path }}/../mirror_extras_prepare/vars/minio_{{ minio_version }}.yml" + +- name: Retrieve image setting parts + set_fact: + minio_image_name: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='name') | first }}" + minio_image_registry: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='registry') | first }}" + minio_image_digest: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='digest') | first }}" + minio_image_tag: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='tag') | first }}" + # create minio namespace - name: 'Create minio namespace' kubernetes.core.k8s: diff --git a/ibm/mas_devops/roles/minio/templates/minio/minio-deployment.yml.j2 b/ibm/mas_devops/roles/minio/templates/minio/minio-deployment.yml.j2 index 8853bd3368..925fe2abdd 100644 --- a/ibm/mas_devops/roles/minio/templates/minio/minio-deployment.yml.j2 +++ b/ibm/mas_devops/roles/minio/templates/minio/minio-deployment.yml.j2 @@ -19,7 +19,10 @@ spec: claimName: minio-pvc containers: - name: "{{ minio_instance_name }}" - image: "{{ minio_version }}" + image: "{{ minio_image_registry }}/{{ minio_image_name}}@{{ minio_image_digest}}" + metadata: + labels: + tag: "{{ minio_image_tag }}" command: - /bin/bash - -c diff --git a/ibm/mas_devops/roles/mirror_extras_prepare/vars/minio_RELEASE.2025-06-13T11-33-47Z.yml b/ibm/mas_devops/roles/mirror_extras_prepare/vars/minio_RELEASE.2025-06-13T11-33-47Z.yml new file mode 100644 index 0000000000..27773a2c79 --- /dev/null +++ b/ibm/mas_devops/roles/mirror_extras_prepare/vars/minio_RELEASE.2025-06-13T11-33-47Z.yml @@ -0,0 +1,6 @@ +--- +extra_images: + - name: minio/minio + registry: quay.io + digest: sha256:064117214caceaa8d8a90ef7caa58f2b2aeb316b5156afe9ee8da5b4d83e12c8 + tag: RELEASE.2025-06-13T11-33-47Z diff --git a/ibm/mas_devops/roles/ocp_idms/README.md b/ibm/mas_devops/roles/ocp_idms/README.md index 7cb79914d8..9614fd0c12 100644 --- a/ibm/mas_devops/roles/ocp_idms/README.md +++ b/ibm/mas_devops/roles/ocp_idms/README.md @@ -1,6 +1,10 @@ ocp_idms =============================================================================== -Installs an **ImageDigestMirrorSet** (IDMS)for IBM Maximo Application Suite's Maximo Operator Catalog. Optionally can also install a second IDMS suitable for the Red Hat Operator Catalogs created by [mirror_ocp](mirror_ocp.md). If there are legacy **ImageContentSourcePolicies** installed by previous versions of this role, they will be deleted. +Installs an **ImageDigestMirrorSet** (IDMS)for IBM Maximo Application Suite's Maximo Operator Catalog. +Also install IDMS suitable for the Red Hat Operator Catalogs created by [mirror_ocp](mirror_ocp.md). +If there are legacy **ImageContentSourcePolicies** installed by previous versions of this role, they will be deleted. + +If PRODUCT_FAMILY is aiservice then it will install an **ImageTagMirrorSet** for OpenDataHub !!! warning This role doesn't work on IBMCloud ROKS. IBM Cloud RedHat OpenShift Service does not implement support for `ImageDigestMirrorSet`. If you want to use image mirroring you must manually configure each worker node individually using the IBM Cloud command line tool. @@ -59,6 +63,14 @@ If you are managing the Red Hat Operator Catalogs yourself the content therein m Role Variables ------------------------------------------------------------------------------- +### product_family +Creates the **ImageDigestMirrorSet** for the respective product family + +- **Required** +- Environment Variable: `PRODUCT_FAMILY` +- Default: `mas` +- Values: `mas` | `aiservice` + ### setup_redhat_release Instruct the role to setup **ImageDigestMirrorSet** for the mirrored release content generated by [mirror_ocp](mirror_ocp.md). This will create an additional policy named `ibm-mas-redhat-release`. diff --git a/ibm/mas_devops/roles/ocp_idms/defaults/main.yml b/ibm/mas_devops/roles/ocp_idms/defaults/main.yml index 1e1076d337..3e6149d0d9 100644 --- a/ibm/mas_devops/roles/ocp_idms/defaults/main.yml +++ b/ibm/mas_devops/roles/ocp_idms/defaults/main.yml @@ -26,6 +26,7 @@ artifactory_auth: "{{ artifactory_username }}:{{ artifactory_token }}" registry_prefix: "{{ lookup('env', 'REGISTRY_PREFIX') | default('', true) }}" registry_private_url_with_path: "{{ registry_private_url }}{% if registry_prefix | length > 0 %}/{{ registry_prefix }}{% endif %}" idms_suffix: "{% if registry_prefix | length > 0 %}-{{ registry_prefix }}{% endif %}" +itms_suffix: "{% if registry_prefix | length > 0 %}-{{ registry_prefix }}{% endif %}" # Optional Registry Prefix - Red Hat Content @@ -40,3 +41,5 @@ idms_suffix_redhat: "{% if registry_prefix_redhat | length > 0 %}-{{ registry_pr redhat_catalogs_prefix: "{{ lookup('env', 'REDHAT_CATALOGS_PREFIX') | default('', true) }}" machine_config_multiupdate: "{{ lookup('env','MACHINE_CONFIG_MULTIUPDATE') | default('False',true) | bool}}" + +product_family: "{{ lookup('env','PRODUCT_FAMILY') | default('mas',true) }}" diff --git a/ibm/mas_devops/roles/ocp_idms/meta/main.yml b/ibm/mas_devops/roles/ocp_idms/meta/main.yml index 5f5c9f54c2..8522a46ce8 100644 --- a/ibm/mas_devops/roles/ocp_idms/meta/main.yml +++ b/ibm/mas_devops/roles/ocp_idms/meta/main.yml @@ -20,5 +20,6 @@ galaxy_info: - devops - rhocp - airgap + - aiservice dependencies: [] diff --git a/ibm/mas_devops/roles/ocp_idms/tasks/main.yml b/ibm/mas_devops/roles/ocp_idms/tasks/main.yml index 6993686093..7edbb4f3db 100644 --- a/ibm/mas_devops/roles/ocp_idms/tasks/main.yml +++ b/ibm/mas_devops/roles/ocp_idms/tasks/main.yml @@ -51,9 +51,17 @@ - name: Create ImageDigestMirrorSet kubernetes.core.k8s: apply: yes - template: 'templates/idms/mas-ibm-catalog.yml.j2' + template: 'templates/idms/{{ product_family }}/ibm-catalog.yml.j2' register: idms_result +# 4. IBM Maximo Operator Catalog +# ----------------------------------------------------------------------------- +- name: Create ImageDigestMirrorSet + kubernetes.core.k8s: + apply: yes + template: 'templates/itms/{{ product_family }}/itms.yml.j2' + when: product_family == "aiservice" + register: itms_result # 5. Red Hat Operator Catalogs # ----------------------------------------------------------------------------- @@ -88,7 +96,7 @@ when: setup_redhat_catalogs kubernetes.core.k8s: apply: yes - template: "templates/idms/mas-redhat-catalogs.yml.j2" + template: "templates/idms/{{product_family}}/redhat-catalogs.yml.j2" # 6. Red Hat Release Catalog @@ -97,7 +105,7 @@ when: setup_redhat_release kubernetes.core.k8s: apply: yes - template: "templates/idms/mas-redhat-release.yml.j2" + template: "templates/idms/{{product_family}}/redhat-release.yml.j2" # 7. Delete the old ICSPs @@ -131,5 +139,5 @@ # 7. Wait until the nodes have applied the updates # ----------------------------------------------------------------------------- - name: Wait for Machine Configs to update - when: idms_result.changed + when: idms_result.changed or itms_result.changed include_tasks: "{{ role_path }}/../../common_tasks/wait-machine-config-update.yml" diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/ibm-catalog.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/ibm-catalog.yml.j2 new file mode 100644 index 0000000000..713fbbe308 --- /dev/null +++ b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/ibm-catalog.yml.j2 @@ -0,0 +1,75 @@ +apiVersion: config.openshift.io/v1 +kind: ImageDigestMirrorSet +metadata: + name: aiservice-ibm-catalog{{ idms_suffix }} + labels: + aiservice.ibm.com/idmsContent: ibm + annotations: + aiservice.ibm.com/idmsRegistry: "{{ registry_private_url_with_path }}" + aiservice.ibm.com/idmsRegistryHost: "{{ registry_private_host }}" + aiservice.ibm.com/idmsRegistryPort: "{{ registry_private_port }}" + aiservice.ibm.com/idmsRegistryPrefix: "{{ registry_prefix }}" +spec: + imageDigestMirrors: + # 1. IBM Container Registry + # ------------------------------------------------------------------------- + # All IBM operators live in the cpopen namespace + - source: icr.io/cpopen + mirrors: + - {{ registry_private_url_with_path }}/cpopen + mirrorSourcePolicy: NeverContactSource + # IBM truststoremanager worker image lives in ibm-truststore-mgr namespace + - source: icr.io/ibm-truststore-mgr + mirrors: + - {{ registry_private_url_with_path }}/ibm-truststore-mgr + mirrorSourcePolicy: NeverContactSource + # IBM SLS content live in ibm-sls namespace + - source: icr.io/ibm-sls + mirrors: + - {{ registry_private_url_with_path }}/ibm-sls + mirrorSourcePolicy: NeverContactSource + # IBM UDS content live in ibm-uds namespace + - source: icr.io/ibm-uds + mirrors: + - {{ registry_private_url_with_path }}/ibm-uds + mirrorSourcePolicy: NeverContactSource + # IBM Db2 Universal operator content live in db2u namespace + - source: icr.io/db2u + mirrors: + - {{ registry_private_url_with_path }}/db2u + mirrorSourcePolicy: NeverContactSource + + # 2. IBM Entitled Container Registry + # ------------------------------------------------------------------------- + # All IBM entitled container images live under cp namespace + - source: cp.icr.io/cp + mirrors: + - {{ registry_private_url_with_path }}/cp + mirrorSourcePolicy: NeverContactSource + + # 3. Red Hat Quay.io Container Registry + # ------------------------------------------------------------------------- + # IBM common services live here + # MongoDb Community Edition Operator & associated container images + - source: quay.io/mongodb + mirrors: + - {{ registry_private_url_with_path }}/mongodb + mirrorSourcePolicy: NeverContactSource + - source: quay.io/minio + mirrors: + - {{ registry_private_url_with_path }}/minio + mirrorSourcePolicy: NeverContactSource + # Non-product IBM Maximo Application Suite images (e.g CLI & mirror of dockerhub mongodb image) + - source: quay.io/ibmmas + mirrors: + - {{ registry_private_url_with_path }}/ibmmas + mirrorSourcePolicy: NeverContactSource + +{% if artifactory_username != "" %} + # 4. Artifactory + # ------------------------------------------------------------------------- + - source: docker-na-public.artifactory.swg-devops.com/wiotp-docker-local + mirrors: + - docker-us-south-edge-public.artifactory.swg-devops.com/wiotp-docker-local + mirrorSourcePolicy: NeverContactSource +{% endif %} diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-catalogs.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-catalogs.yml.j2 new file mode 100644 index 0000000000..a5297351a8 --- /dev/null +++ b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-catalogs.yml.j2 @@ -0,0 +1,104 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: {% if redhat_catalogs_prefix | length > 0 %}{{ redhat_catalogs_prefix }}-{% endif %}certified-operator-index + namespace: openshift-marketplace +spec: + displayName: Certified Operators + publisher: Red Hat + image: {{ registry_private_url_with_path_redhat}}/redhat/certified-operator-index:v{{ ocp_release }} + sourceType: grpc +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: {% if redhat_catalogs_prefix | length > 0 %}{{ redhat_catalogs_prefix }}-{% endif %}community-operator-index + namespace: openshift-marketplace +spec: + displayName: Community Operators + publisher: Red Hat + image: {{ registry_private_url_with_path_redhat }}/redhat/community-operator-index:v{{ ocp_release }} + sourceType: grpc +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: {% if redhat_catalogs_prefix | length > 0 %}{{ redhat_catalogs_prefix }}-{% endif %}redhat-operator-index + namespace: openshift-marketplace +spec: + displayName: Red Hat Operators + publisher: Red Hat + image: {{ registry_private_url_with_path_redhat }}/redhat/redhat-operator-index:v{{ ocp_release }} + sourceType: grpc +--- +apiVersion: config.openshift.io/v1 +kind: ImageDigestMirrorSet +metadata: + name: aiservice-redhat-catalogs{{ idms_suffix_redhat }} + labels: + aiservice.ibm.com/idmsContent: redhat-catalogs + annotations: + aiservice.ibm.com/idmsRegistry: "{{ registry_private_url_with_path_redhat }}" + aiservice.ibm.com/idmsRegistryHost: "{{ registry_private_host }}" + aiservice.ibm.com/idmsRegistryPort: "{{ registry_private_port }}" + aiservice.ibm.com/idmsRegistryPrefix: "{{ registry_prefix_redhat }}" + operators.openshift.org/catalog: "true" +spec: + imageDigestMirrors: + - mirrors: + - {{ registry_private_url_with_path_redhat }}/cpopen + source: icr.io/cpopen + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/rhel9 + source: registry.redhat.io/rhel9 + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/odf4 + source: registry.redhat.io/odf4 + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/rhceph + source: registry.redhat.io/rhceph + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/openshift4 + source: registry.redhat.io/openshift4 + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/openshift-community-operators + source: quay.io/openshift-community-operators + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/openshift-pipelines + source: registry.redhat.io/openshift-pipelines + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/openshift-serverless-1 + source: registry.redhat.io/openshift-serverless-1 + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/openshift-service-mesh + source: registry.redhat.io/openshift-service-mesh + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/turbonomic + source: registry.connect.redhat.com/turbonomic + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/rh-marketplace + source: quay.io/rh-marketplace + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/rh-marketplace + source: registry.connect.redhat.com/rh-marketplace + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/cert-manager + source: registry.redhat.io/cert-manager + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/rhcl-1 + source: registry.redhat.io/rhcl-1 + mirrorSourcePolicy: NeverContactSource diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-release.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-release.yml.j2 new file mode 100644 index 0000000000..10f6fd1cfe --- /dev/null +++ b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-release.yml.j2 @@ -0,0 +1,21 @@ +apiVersion: config.openshift.io/v1 +kind: ImageDigestMirrorSet +metadata: + name: aiservice-redhat-release{{ idms_suffix_redhat }} + labels: + aiservice.ibm.com/idmsContent: redhat-release + annotations: + aiservice.ibm.com/idmsRegistry: "{{ registry_private_url_with_path_redhat }}" + aiservice.ibm.com/idmsRegistryHost: "{{ registry_private_host }}" + aiservice.ibm.com/idmsRegistryPort: "{{ registry_private_port }}" + aiservice.ibm.com/idmsRegistryPrefix: "{{ registry_prefix_redhat}}" +spec: + imageDigestMirrors: + - mirrors: + - {{ registry_private_url_with_path_redhat }}/openshift/release + source: quay.io/openshift-release-dev/ocp-v4.0-art-dev + mirrorSourcePolicy: NeverContactSource + - mirrors: + - {{ registry_private_url_with_path_redhat }}/openshift/release-images + source: quay.io/openshift-release-dev/ocp-release + mirrorSourcePolicy: NeverContactSource diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/mas-ibm-catalog.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/mas/ibm-catalog.yml.j2 similarity index 100% rename from ibm/mas_devops/roles/ocp_idms/templates/idms/mas-ibm-catalog.yml.j2 rename to ibm/mas_devops/roles/ocp_idms/templates/idms/mas/ibm-catalog.yml.j2 diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/mas-redhat-catalogs.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/mas/redhat-catalogs.yml.j2 similarity index 100% rename from ibm/mas_devops/roles/ocp_idms/templates/idms/mas-redhat-catalogs.yml.j2 rename to ibm/mas_devops/roles/ocp_idms/templates/idms/mas/redhat-catalogs.yml.j2 diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/mas-redhat-release.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/mas/redhat-release.yml.j2 similarity index 100% rename from ibm/mas_devops/roles/ocp_idms/templates/idms/mas-redhat-release.yml.j2 rename to ibm/mas_devops/roles/ocp_idms/templates/idms/mas/redhat-release.yml.j2 diff --git a/ibm/mas_devops/roles/ocp_idms/templates/itms/aiservice/itms.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/itms/aiservice/itms.yml.j2 new file mode 100644 index 0000000000..67ea15bb49 --- /dev/null +++ b/ibm/mas_devops/roles/ocp_idms/templates/itms/aiservice/itms.yml.j2 @@ -0,0 +1,17 @@ +apiVersion: config.openshift.io/v1 +kind: ImageTagMirrorSet +metadata: + name: aiservice-ibm-catalog{{ itms_suffix }} + labels: + aiserice.ibm.com/itmsContent: ibm + annotations: + aiservice.ibm.com/itmsRegistry: "{{ registry_private_url_with_path }}" + aiservice.ibm.com/itmsRegistryHost: "{{ registry_private_host }}" + aiservice.ibm.com/itmsRegistryPort: "{{ registry_private_port }}" + aiservice.ibm.com/itmsRegistryPrefix: "{{ registry_prefix }}" +spec: + imageTagMirrors: + - mirrorSourcePolicy: NeverContactSource + mirrors: + - {{ registry_private_url_with_path }}/opendatahub + source: quay.io/opendatahub