IBM Cloud Global

 View Only

Installing a PostgreSQL database in an OpenShift air gap environment (Part I)

By Pam Andrejko posted Wed August 18, 2021 04:36 PM

- Michele Chilanti, Pam Andrejko

After you provision an OpenShift cluster in an air gap (or disconnected) environment, you might think the hard work is done. But depending on how you provisioned the cluster, when you open OperatorHub in your OpenShift console, the Red Hat Catalog operators might not be there. When a Cloud Pak requires a service from the catalog, such as Strimzi or PostgreSQL, additional steps are required to mirror those operator images. This two-part blog series walks you through how to mirror the operators and provides an example of how to deploy and configure the Enterprise DB PostgreSQL operator.  Part II also shows how to deploy a test client that can be used to verify that an application can connect to the database.

Part I: Mirroring the operators from the Red Hat catalog

The Red Hat documentation describes how to mirror the operator images. Red Hat operators are available from Because the PostgreSQL we plan to install is from EnterpriseDB, it is considered a third-party service, and is available from instead. This distinction becomes important later when we mirror the images.

These instructions assume you configured a local mirror registry for the Red Hat images when you installed OpenShift in your air gap environment. In this example, we use a local Docker registry. Perform the following steps to mirror the operators and then add them to the Red Hat Catalog.

1. From a command line, log in to  and then using your Red Hat credentials. This action saves your credentials to a file named ${XDG_RUNTIME_DIR}/containers/auth.json .

podman login
podman login
export REG_CREDS=${XDG_RUNTIME_DIR}/containers/auth.json​


2. Next, log in to your local container registry where you will mirror the images to, for example:


3. Run the following command to mirror the registry that contains the PostgreSQL operator:
  • oc adm catalog mirror \
          -a ${REG_CREDS} \
          --insecure \
  • where:
  • - --insecure is only required if your registry is considered insecure.
  • - --index-filter-by-os depends on your environment. Valid values are linux/amd64, linux/ppc64le, and linux/s390x.
  • Note: The Enterprise DB PostgreSQL operator is mirrored from  Other Red Hat operators such as Strimzi or kNative can be mirrored using the same command but from the registry. For example to mirror those you would specify:
  • oc adm catalog mirror \
          -a ${REG_CREDS} \
          --insecure \
  • To determine which registry to use on the mirror command, log in to the Red Hat operator registry and search for the operator you need to mirror. Not all third-party operators are available for the disconnected environment. Check this list to be sure.
This step will take a while to complete.

4. When the mirroring completes, the required catalogSource.yaml and imageContentSourcePolicy.yaml files are generated for you.  Look for the following line in the output to locate the folder that contains these files in your working directory:
  • wrote mirroring manifests to manifests-certified-operator-index-<some_key>
5. Then apply the image content source policy yaml from that folder.

  • cd manifests-certified-operator-index-<some_key>
    oc project <your_namespace>
    oc apply -f imageContentSourcePolicy.yaml
  • The update to the image  image content source policy triggers a  reboot of all of the nodes in your cluster. Wait for all the nodes to restart before proceeding. Run the following command to determine when the nodes are ready:
  • oc get machineconfigpool -w
6. Apply the catalog source yaml to add the certified operators to the Red Hat catalog:
  • oc apply -f catalogSource.yaml
  • Check your OperatorHub in your Openshift web console. The PostgreSQL operator should now be visible.

This concludes Part I of the series. You have mirrored and installed the Red Hat operator images that you need. Part II of this series demonstrates how to deploy, configure and then test the Enterprise DB PostgreSQL operator to confirm it is working.