Bug 1889945 - [DOCS] provide the prerequisite to enable ImageStream through mirror registry for must-gather IS
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 4.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.5.z
Assignee: Kathryn Alexander
QA Contact: XiuJuan Wang
Vikram Goyal
Depends On:
Reported: 2020-10-21 03:18 UTC by Daein Park
Modified: 2020-11-10 19:44 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-11-10 19:44:33 UTC
Target Upstream Version:

Description Daein Park 2020-10-21 03:18:09 UTC
Document URL: 

* Gathering data about your cluster
  [ https://docs.openshift.com/container-platform/4.5/support/gathering-cluster-data.html ]

Section Number and Name: 

* Gathering data about your cluster for Red Hat Support
  [ https://docs.openshift.com/container-platform/4.5/support/gathering-cluster-data.html#support_gathering_data_gathering-cluster-data ]

Describe the issue: 

There is no mention of adding the required trusted CAs for the mirror before using ImageStream in restricted network environments.
This is going to cause the import image command to fail.

If your cluster is using a restricted network you must import the default must-gather image before running the oc adm must-gather command.

$ oc import-image is/must-gather -n openshift

Suggestions for improvement: 

Document the procedure to add the required trusted CAs for the mirror in the same section for must-gather.
A similar procedure is already provided in another section [0]; the procedure is also required in the section for must-gather.

[0] Using Cluster Samples Operator imagestreams with alternate or mirrored registries
    [ https://docs.openshift.com/container-platform/4.5/openshift_images/samples-operator-alt-registry.html#installation-restricted-network-samples_samples-operator-alt-registry ]
The cli, installer, must-gather, and tests imagestreams, while part of the install payload, are not managed by the Cluster Samples Operator.
These are not addressed in this procedure.

4. Add the required trusted CAs for the mirror in the cluster’s image configuration object:

$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge

Additional information: 

This issue is reported by CU.
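
The order of operations the report asks the docs to spell out, as an added example that is not part of the original bug or of the OpenShift documentation text. Assumptions: the mirror address mirror.example.com:5000 and the CA path ./ca.crt are constructed placeholders, the helper function names are hypothetical, and the ConfigMap creation step follows the Samples Operator procedure referenced as [0].

```shell
#!/bin/sh
# Added example: make the cluster trust the mirror registry's CA before
# importing the must-gather imagestream on a restricted network.

# ConfigMap keys cannot contain ":", so a registry with a port is keyed
# as "host..port" in the additionalTrustedCA ConfigMap.
ca_key_for_registry() {
    case "$1" in
        *:*) printf '%s..%s\n' "${1%:*}" "${1##*:}" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# Pre-flight check: the CA bundle must be a readable PEM certificate file.
is_pem_cert() {
    [ -r "$1" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Print the commands in the order they must run; nothing is executed here.
# "registry-config" is the ConfigMap name used by the patch command above.
trust_mirror_plan() {
    registry=$1
    ca_file=$2
    key=$(ca_key_for_registry "$registry")
    cat <<EOF
oc create configmap registry-config --from-file=$key=$ca_file -n openshift-config
oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge
oc import-image is/must-gather -n openshift
EOF
}

# Constructed sample values; replace with the real mirror address and CA file.
MIRROR="mirror.example.com:5000"
CA_FILE="./ca.crt"

if ! is_pem_cert "$CA_FILE"; then
    echo "warning: $CA_FILE is not a readable PEM certificate" >&2
fi
trust_mirror_plan "$MIRROR" "$CA_FILE"
```

If the import is run before the first two commands, the import fails because the mirror's certificate is not trusted, which is the failure this bug describes.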

Comment 2 Kathryn Alexander 2020-10-28 18:17:04 UTC
Daein and I have updated the PR, and I think that all the information is in the best place possible.

Shengsheng Cheng, I think that this issue is most closely related to auth because it involves changing the trusted CA. Will you PTAL or help me find the right person to provide QE?

Comment 3 XiuJuan Wang 2020-11-02 02:29:04 UTC
The docs pr looks good to me.

Comment 4 Kathryn Alexander 2020-11-02 20:19:41 UTC
Thanks! I've merged the change and am waiting for it to go live.
