Description of problem: Could not deploy Service Telemtry Framework in a disconnected OpenShift environment. This could be a RFI bug , but it could be a requirement from almost all Telcos who doesn't want to connect their cloud to internet. Version-Release number of selected component (if applicable): Red Hat OpenStack 13 How reproducible: Always. Steps to Reproduce: 1. Deploy OpenShift in a disconnected network. Follow the doc here . https://docs.openshift.com/container-platform/4.4/welcome/index.html 2. Create a local Operator hub using this doc https://docs.openshift.com/container-platform/4.4/operators/olm-restricted-networks.html 3. Follow https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html-single/service_telemetry_framework/index to start deploying STF in OpenShift. 4. Create a local repository for Community Operator hub catalog using similar procedures outlined in the "Create a local Operator hub doc" 5. Try to subscribe to the AMQ Certificate Manager Operator (section 2.3.7) from redhat-operator hub. Subscription works but it won't be able to pull container images from the local repositories. My thought on this issue is that, though I have a `ImageContentSourcePolicy` setup in OpenShift and points to the local repository as mirror, the operator is looking for container images with a tag instead of digest. But as per the disconnected OLM documentation all image References should be by a digest (SHA) and not by a tag. So in-order to satisfy the requirements of disconnect OLM deployment all the STF operators needs to be updated to point to digests instead of tags. Actual results: AMQ Cert Manager operator deployment fails. Haven't tried other operators, but most probably they will have the same fate. Expected results: STF deployed in a disconnected OpenShift environment using a disconnected OLM. Additional info:
I'm targeting this for STF 1.2. Will need to coordinate with other teams likely and do some testing to identify all the Operators that might need to be adjusted.
So far I could locate the following containers with tags stf/service-telemetry-rhel7-operator:1.0.3 stf/smart-gateway-rhel7-operator:2.0.1 stf/smart-gateway-rhel8:2.0.1 stf/sg-core-rhel8:3.0.0 stf/sg-bridge-rhel8:1.0.0 amq7/amq-cert-manager:1.0 amq7/amq-interconnect:1.8 I think Prometheus uses digest instead of tags. I haven't tried installing Elasticsearch yet, probably it also has the same issue.
Note that at lest the AMQ Interconnect operator is not disconnected compatible, per https://access.redhat.com/articles/4740011 For STF 1.1 the CSV should be closer to supporting a disconnected installation in OCP 4.5. We're adding the `relatedImages` and linking all container images to the sha256 hash as the tag vs the named tag. I also haven't checked the ElasticSearch (ECK) operator.
Hi Leif, Is there any current work around for installing STF in a disconnected environment or do we need to wait until this RFE has been complete?
This work is not yet scheduled, but I expect it to move up in priority. At this time there has not been a scoping effort or assignment for this RFE.
Status update: Investigations ongoing. Depends on fully-supported stack which means all components are available from the Red Hat Operators CatalogSource as support for a fully disconnected installation is dependent on components we do not control. Target early-mid 2024.