Skip to content

migtools/crane-plugin-openshift

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
.github/workflows
.github/workflows
 
 
openshift
openshift
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
OWNERS
OWNERS
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

crane-plugin-openshift

OpenShift plugin for crane - handles OpenShift-specific resource transformations during cluster migrations.

Features

This plugin provides transformations for OpenShift-specific resources including:

  • BuildConfigs: Updates pull secrets and registry references
  • DeploymentConfigs: Handles PVC renames and pod template transformations
  • Routes: Removes auto-generated hostnames
  • ServiceAccounts: Strips default secrets and pull secrets
  • RoleBindings: Removes namespace references for ServiceAccount subjects
  • ImageStreams: Detects usage (see limitations below)
  • Automatic whiteout of OpenShift-specific resources (Builds, ImageStreamTags, ImageTags)
  • Optional stripping of default RBAC, CA bundles, and pull secrets

Limitations

Internal Image Registry Migration

Important: This plugin does NOT migrate container images stored in OpenShift's internal image registry.

When the plugin detects ImageStream resources during migration, it will log warnings like:

WARNING: ImageStream 'my-namespace/my-app' detected - images from internal registry are NOT migrated automatically
INFO: To migrate internal registry images, use tools like skopeo. Example: skopeo sync --src docker --dest docker SOURCE_REGISTRY/REPO DEST_REGISTRY/REPO

Why aren't images migrated?

  • Crane focuses on Kubernetes resource manifests (YAML)
  • Container images are data stored separately in container registries
  • Internal registry images require specialized tools for migration

How to migrate images manually

Use skopeo to copy images between registries:

# Example: Copy a single image
skopeo copy \
  docker://source-registry.example.com:5000/namespace/image:tag \
  docker://dest-registry.example.com:5000/namespace/image:tag

# Example: Sync multiple images
skopeo sync \
  --src docker --dest docker \
  source-registry.example.com:5000/namespace \
  dest-registry.example.com:5000/namespace

For more details, see crane issue #452.

Usage

This plugin is used automatically by crane when processing OpenShift resources. Optional flags can be configured:

  • --strip-default-rbac (default: true) - Strip default RBAC resources
  • --strip-default-cabundle (default: true) - Strip default CA bundle ConfigMaps
  • --strip-default-pull-secrets (default: true) - Strip default pull secrets
  • --pull-secret-replacement - Map of pull secret replacements
  • --registry-replacement - Map of registry path replacements
  • --pvc-rename-map - Map of PVC name changes

Development

For more information about developing crane plugins, see crane-plugins.

Running Tests

go test ./...

Building

go build -o crane-plugin-openshift .

About

Openshift plugin for crane

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

9 watching

Forks

9 forks
Report repository

Releases 5

v0.1.0 Latest
Jun 11, 2026
+ 4 releases

Packages

 
 
 

Contributors

Languages