Installing GitOps Operator Candidate in Disconnected Cluster
0. Install the latest "oc" openshift-client and opm tool
https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest-4.7/
1. Login as kubeadmin
2. Connect to VPN
(skip) 2.1. Disable default operator indices
$ oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
3. Extract pull secret of mirror registry to "authfile"
$ oc get secrets pull-secret -n openshift-config -o template='{{index .data ".dockerconfigjson"}}' | base64 -d > authfile
authfile looks like:
{
  "auths": {
    "ec2-3-137-162-14.us-east-2.compute.amazonaws.com:5000": {
      "auth": "xxxxxxxxxxxxx"
    }
  }
}
ec2-3-137-162-14.us-east-2.compute.amazonaws.com:5000 is the <ec2 mirror registry>
4. Add auth tokens of quay.io, "registry.redhat.io" to <authfile>
5. Disable tls verify for ec2 mirror
$ oc edit image.config.openshift.io/cluster
Add the following under spec. Note: use <ec2 mirror registry> without the port, just the host.
spec:
  allowedRegistriesForImport:
  - domainName: <ec2 mirror registry>
    insecure: true
  registrySources:
    insecureRegistries:
    - <ec2 mirror registry>
6. Mirror the index/catalog (the mirrored index in quay.io) to the mirror registry
$ oc adm catalog mirror -a authfile --insecure=true \
quay.io/wtam/test-index@sha256:6b91e91c14ef7accd4446016b396ff2f6943b3a184ad61fa1d16b3d7e2278335 <ec2 mirror registry>
When the above mirror command is done, it generates 3 files in a sub-directory
── manifests-test-index-1612951393
├── catalogSource.yaml
├── imageContentSourcePolicy.yaml
└── mapping.txt
7. Apply the generated manifests
$ oc apply -f manifests-test-index-1612951393
Done. Now go to the dev console
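
A pre-apply check for the files generated in step 6, as an added example that is not part of the original gist: it lists the source registries that need entries in authfile (steps 3 and 4) and flags mappings whose destination is not the mirror or whose source is not pinned by digest. It assumes each line of mapping.txt has the form source=destination; the function names and the sample registries, repositories and digests are constructed.

```shell
#!/bin/sh
# Added example: audit mapping.txt (step 6) before "oc apply" (step 7).
# Assumption: every line has the form <source image>=<destination image>.

# Constructed sample; registry names, repositories and digests are made up.
sample_mapping() {
cat <<'EOF'
quay.io/example/test-index@sha256:1111aaaa=mirror.example.internal:5000/example/test-index:1a2b3c
registry.redhat.io/example/operator-rhel8@sha256:2222bbbb=mirror.example.internal:5000/example/operator-rhel8:4d5e6f
quay.io/example/helper:latest=other.example.net:5000/example/helper:latest
EOF
}

# Distinct source registries: each needs an entry in authfile (steps 3-4).
source_registries() {
    awk -F= 'NF == 2 { split($1, p, "/"); print p[1] }' "$1" | sort -u
}

# Destinations that are not under the expected mirror (host:port).
foreign_destinations() {
    awk -F= -v m="$2/" 'NF == 2 && index($2, m) != 1 { print $2 }' "$1"
}

# Sources referenced by tag instead of digest. ImageContentSourcePolicy
# redirects digest pulls only, so these would not be served from the mirror.
unpinned_sources() {
    awk -F= 'NF == 2 && $1 !~ /@sha256:[0-9a-f]+$/ { print $1 }' "$1"
}

# audit FILE MIRROR: print findings, return non-zero if any check fails.
audit() {
    rc=0
    echo "source registries (must be in authfile):"; source_registries "$1"
    bad=$(foreign_destinations "$1" "$2")
    [ -z "$bad" ] || { echo "not on $2:"; echo "$bad"; rc=1; }
    tags=$(unpinned_sources "$1")
    [ -z "$tags" ] || { echo "tag-only sources:"; echo "$tags"; rc=1; }
    return $rc
}

# Usage: sh audit.sh manifests-test-index-1612951393/mapping.txt "<ec2 mirror registry>"
if [ $# -eq 2 ]; then
    audit "$1" "$2"
else
    tmp=$(mktemp); sample_mapping > "$tmp"   # no arguments: run on the sample
    audit "$tmp" mirror.example.internal:5000 || echo "sample has findings (expected)"
    rm -f "$tmp"
fi
```
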

amitkrout commented Apr 12, 2021

  1. Add auth tokens of quay.io, "registry.redhat.io" to

$ podman login quay.io --authfile authfile --username user_name --password password
Login Succeeded!

$ podman login registry.redhat.io --authfile authfile --username user_name --password password
Login Succeeded!

$ cat authfile
{
  "auths": {
    ":5000": {
      "auth": ""
    },
    "quay.io": {
      "auth": "******"
    },
    "registry.redhat.io": {
      "auth": "*************************************"
    }
  }
}
