Avoid --force in update documentation #613

@wking


Since it landed in 2023 the disconnected-update docs recommend --force. But OCP API docs point out that cluster admins assume complete responsibility for validating their target release and cluster state if they use that option. And oc adm upgrade has --help text and logs stderr complaints warning about the risks.

#293 doesn't go into details about why --force was selected, but I expect it's related to release image signature verification. OCP docs about release image mirroring talk through per-cluster signature ConfigMaps, which give clusters in disconnected/restricted networks access to signatures they cannot retrieve from the canonical locations. For folks using oc-mirror, it's Configuring your cluster to use the resources generated by oc-mirror:

If you mirrored release images, apply the release image signatures to the cluster by running the following command:

$ oc apply -f ./oc-mirror-workspace/results-1639608409/release-signatures/

For folks using oc adm release mirror ..., it's Mirroring images to a mirror registry:

Apply the mirrored release image signature config map to the connected cluster:

$ oc apply -f ${REMOVABLE_MEDIA_PATH}/mirror/config/<image_signature_file> 
For <image_signature_file>, specify the path and name of the file, for example, signature-sha256-81154f5c03294534.yaml.

or, when the host running the mirror command has access to the canonical signature sources and the target cluster, the --apply-release-image-signature option.

For environments with multiple clusters, ideally whoever runs the mirroring is storing those signature ConfigMaps somewhere convenient for each cluster admin to pull down as needed. Or they're actively pushing the signature ConfigMaps out to each cluster in their environment. But for admins in disconnected/restricted-network environments where the folks running the mirroring are not being helpful, these old 4.7 docs walk through manual creation of the signature ConfigMaps.
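
As an added illustration (not part of the original issue and not code from the OCP docs or the project), the shell function below renders a per-cluster signature ConfigMap of the kind the issue refers to, from a release image digest and a signature file that was already retrieved on a connected host. The function name, its inputs and the metadata.name pattern (modeled on the file name example quoted above) are assumptions; the namespace, label and binaryData key layout follow the manual procedure in the OCP mirroring docs.

```shell
#!/bin/sh
# Added example: render a release-signature ConfigMap manifest offline.
# Usage (hypothetical helper): render_signature_configmap sha256:<hex> <signature-file> > sig.yaml
render_signature_configmap() {
    digest=$1
    sigfile=$2

    algo=${digest%%:*}   # text before the first colon
    hex=${digest#*:}     # text after the first colon

    # Accept only a sha256 digest with exactly 64 lowercase hex characters,
    # so a typo cannot produce a ConfigMap keyed to the wrong release image.
    if [ "$algo" != "sha256" ] || [ "${#hex}" -ne 64 ]; then
        echo "error: expected sha256:<64 hex chars>, got: $digest" >&2
        return 1
    fi
    case $hex in
        *[!0-9a-f]*) echo "error: digest has non-hex characters" >&2; return 1 ;;
    esac

    # Refuse a missing or empty signature file instead of emitting an empty value.
    if [ ! -s "$sigfile" ]; then
        echo "error: signature file missing or empty: $sigfile" >&2
        return 1
    fi

    # binaryData values are base64 on a single line.
    sig_b64=$(base64 < "$sigfile" | tr -d '\n')

    # metadata.name is an assumption patterned on the file name example above;
    # the label and the <algo>-<hex>-<n> key are what ties the signature to the digest.
    cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: signature-sha256-$(printf '%s' "$hex" | cut -c1-16)
  namespace: openshift-config-managed
  labels:
    release.openshift.io/verification-signatures: ""
binaryData:
  ${algo}-${hex}-1: ${sig_b64}
EOF
}
```

The rendered manifest is applied with oc apply -f, the same way as the generated signature files in the quoted docs.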
