Add registry storage configuration modules

[bmcelvee]

https://jira.coreos.com/browse/DEVEXP-278
https://jira.coreos.com/browse/DEVEXP-268
https://jira.coreos.com/browse/DEVEXP-267
https://jira.coreos.com/browse/OSDOCS-243

[openshift-docs-preview-bot]

The preview will be availble shortly at:

• https://add-registry-storage-modules--ocpdocs.netlify.com/

[dmage]

image-registry-private-configuration shouldn't be modified by users. After today's scrum I'd say there are 2 options:

• the cloud credentials are sufficient to create an S3 bucket, in this case the operator will do the storage configuration automatically;
• the operator is not capable of creating S3 buckets, in this case the administrator should create an S3 bucket, setup a Bucket Lifecycle Policy to abort incomplete multipart uploads that are one day old, and fill the storage configuration in configs.imageregistry.operator.openshift.io/cluster.

[wzheng1]

This command is invalid.

[wzheng1]

When UPI on AWS cluster is ready, s3 storage is automatically configured.

[adambkaplan]

@wzheng1 this is only true if the cluster admin/installer provides an AWS account that has permission to create S3 buckets.

[adambkaplan]

We should reference AWS docs on how to create an S3 bucket.

[wzheng1]

Whether this doc works? https://docs.aws.amazon.com/AmazonS3/latest/gsg/GetStartedWithS3.html

[kalexand-rh]

The AWS UPI doc says that you need the S3 permission to create a bucket, and the steps as written have you create a bucket to store your bootstrap ignition config.

[wzheng1]

If you delete all s3 part on AWS with UPI, it will be generated automatically, admin doesn't need to input manually.

[dmage]

Admin may want to create a cluster with credentials that doesn't allow to create buckets. In this case the administrator should configure it manually.

[wzheng1]

Another thing I think need to add is to pay attention whether the cluster has default storage class, since if it has, any pvc will be attached to it automatically, this doesn't adapt to image-registry since inconsistent accessMode. So user has to specify in pv which pvc should be claimed like below:
"claimRef": {
"namespace": "openshift-image-registry",
"name": "image-registry-storage"
},
@adambkaplan please help to review too.

[adambkaplan]

@wzheng1 this is only true if the cluster admin/installer provides an AWS account that has permission to create S3 buckets.

[adambkaplan]

We should reference AWS docs on how to create an S3 bucket.

[adambkaplan]

Add bucket: <bucket-name>

[adambkaplan]

oc get pods -n openshift-image-registry

[adambkaplan]

oc get clusteroperator image-registry

[adambkaplan]

oc get pod -n openshift-image-registry

[bmcelvee]

@openshift/team-documentation - please peer review

(I think the suggested PVs for bare metal and vSphere will need to change once we have storage updates, but that can come in a follow-up PR.)

[kalexand-rh]

an S3 bucket,

[kalexand-rh]

The AWS UPI doc says that you need the S3 permission to create a bucket, and the steps as written have you create a bucket to store your bootstrap ignition config.

[kalexand-rh]

@huffmanca, when you're back in the office, we need to talk about the install-level prereqs we need to state for storage.

[kalexand-rh]

I'd move "such as Azure File or NFS." info to the prereq.

Can you show the commands that you'd run for these two steps?

[kalexand-rh]

What am I looking for here?

[wzheng1]

$oc edit configs.imageregistry.operator.openshift.io
storage:
pvc:
claim:

If you leave the claim name to be blank, a pvc named image-registry-storage will be created automatically.

[kalexand-rh]

Can you change the registry storage after installation? Do they need to go here, or just in the installation assemblies?

[wzheng1]

Yes, you can, as long as you are admin : ) vsphere and baremetal UPI installation should configure storage after installation, as original installation will prompt storage not configured error.

[kalexand-rh]

Would you use Azure or NFS with vSphere? I'd still move this info to the prereqs and show the commands to do these first two steps.

[kalexand-rh]

This makes it look like your storage is still not configured. Is that right? If you wait and run the command again, should you see a different message?

[bmcelvee]

@adambkaplan @dmage - would either of you be able to provide the procedures for these two steps or point me to where I can find them? Thanks!

. To configure your registry to use storage, change the spec.storage.pvc in
the configs.imageregistry/cluster resource.

. Provide a suitable persistent volume.

[adambkaplan]

@bmcelvee the steps here don't really make sense to me. Configuring PVC storage is much simpler:

0. Cluster admin must set up Persistent Volume(s) that support ReadWriteMany access modes (ex: NFS) - prerequisite and out of scope.
1. Make sure the registry is not up - check status of the cluster operator or operator config:
   $ oc get clusteroperator image-registry or $ oc get config.imageregistry.operator.openshift.io/cluster -o yaml
2. Edit the cluster operator config to set the storage to use PVC
3. Wait for the registry to come up (watch the clusteroperator - should report Available=true)

[adambkaplan]

Suggested change

	* PV with `ReadWriteMany` access mode, such as Azure File or NFS.
	* A provisioned Persistent Volume with `ReadWriteMany` access mode, such as Azure File or NFS.

You may also want out-link to upstream docs on PVs: https://v1-13.docs.kubernetes.io/docs/concepts/storage/persistent-volumes/

[adambkaplan]

@bmcelvee I'd consider this out of scope for this portion of the doc - the assumed prerequisite is that the cluster admin provisioned storage that can be satisfied via a PVC.

[bmcelvee]

I think we've reached a point where this content can be merged. If it requires additional content or changes, those items can be addressed in a follow-up PR.