osdocs-154 Document Registry Operator#14476
osdocs-154 Document Registry Operator#14476bmcelvee merged 1 commit intoopenshift:enterprise-4.1from
Conversation
openshift-ci-robot
added
the
size/M
bmcelvee
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
bmcelvee
force-pushed
the
osdocs-154-registry-operator
branch
from
3e3122c to
5901e4d
Compare
openshift-ci-robot
added
size/L
bmcelvee
force-pushed
the
osdocs-154-registry-operator
branch
from
5901e4d to
2004380
Compare
|
@dmage PTAL, thanks! :) |
There was a problem hiding this comment.
configs.imageregistry.operator.openshift.io/cluster
There was a problem hiding this comment.
config.imageregistry.operator.openshift.io?
There was a problem hiding this comment.
Should be configs.imageregistry.operator.openshift.io
There was a problem hiding this comment.
This can't be changed by a user anymore. They should create config map in the openshift-config namespace and use AdditionalTrustedCA in the image.config.openshift.io resource.
There was a problem hiding this comment.
Thanks, @dmage! I temporarily commented out the original config content, and put in the following:
"You can create a ConfigMap in the openshift-config namespace and use AdditionalTrustedCA in the image.config.openshift.io resource to contact external registries."
Does that make sense? I think it would also be helpful to provide an example.
There was a problem hiding this comment.
"You can create a ConfigMap in the openshift-config namespace and use it name in AdditionalTrustedCA in the image.config.openshift.io resource to provide additional certificate authorities that should be trusted when contacting external registries."
Something like this?.. Maybe it should be a link for another document. For the registry the keys in this ConfigMap don't matter. But for runtime and builds, the config map should look like this:
apiVersion: v1
kind: ConfigMap
metadata:
name: my-registry-ca
data:
registry.example.com: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
registry-with-port.example.com..5000: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
The key is the host name of a registry with the port for which this CA is to be trusted. Note that if the registry has the port, like registry-with-port.example.com:5000, : should be replaced with ...
@adambkaplan are there any additional requirements for this from builds?
bmcelvee
force-pushed
the
osdocs-154-registry-operator
branch
from
2004380 to
9fd2ad8
Compare
There was a problem hiding this comment.
@dmage - another question: Is there a default config.imageregistry.operator.openshift.io CRD?
There was a problem hiding this comment.
@bmcelvee yes, the image registry operator (in managed state) always creates configs.imageregistry.operator.openshift.io/cluster when it doesn't exist.
|
Thanks, @dmage! Just have a couple more questions on this one. |
bmcelvee
force-pushed
the
osdocs-154-registry-operator
branch
4 times, most recently
from
94c9aa7 to
c59fc3b
Compare
|
@wzheng1 PTAL, thanks! |
There was a problem hiding this comment.
It is better to highlight some configures are needed during installation for UPI on baremetal and vsphere, since there is no default storage configure for them, it will return: Unable to apply resources: storage backend not configured.
In this case, when try to describe clusteropeartor image-registry:
Status:
Conditions:
Last Transition Time: 2019-04-15T05:28:10Z
Message: The registry is ready
Reason: Ready
Status: True
Type: Available
Last Transition Time: 2019-04-16T05:42:07Z
Message: Unable to apply resources: storage backend not configured
Reason: Error
Status: True
Type: Progressing
Last Transition Time: 2019-04-16T05:42:07Z
Message: storage backend not configured
Reason: StorageNotConfigured
Status: True
Type: Failing
There was a problem hiding this comment.
bmcelvee
force-pushed
the
osdocs-154-registry-operator
branch
from
c59fc3b to
4d70646
Compare
|
@openshift/team-documentation please peer review, thanks! |
bmcelvee
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
bmcelvee
added
the
peer-review-needed
bmcelvee
force-pushed
the
osdocs-154-registry-operator
branch
from
4d70646 to
48f2ba6
Compare
There was a problem hiding this comment.
`image-registry` ?
Are these UI fields or parameters in the yaml definition? If they're in the yaml, they should be "configuration parameters."
There was a problem hiding this comment.
We switched to `` instead of ** for parameters and values in 4.1.
There was a problem hiding this comment.
s/operator/Operator
^ all places
Please double-check that all the future tense is necessary - present tense often is good enough.
The : should be outside the formatting.
Double-check that each entry starts with a capital letter and ends with a period.
There was a problem hiding this comment.
Are these fields, or components, or states? It feels like the descriptions have different functions for different entries. I feel like some of them would benefit from having values or default values provided.
There was a problem hiding this comment.
This paragraph sounds like it should be a procedure module.
There was a problem hiding this comment.
I'd combine this instruction with the step.
Also, why am I patching it, and what am I patching it with?
There was a problem hiding this comment.
maybe s/. It/, and it
registry,
There was a problem hiding this comment.
I'd s/AWS/Amazon Web Services
Do you have an issue to add, or refer to, the image registry storage configuration modules when they exist?
There was a problem hiding this comment.
"On initial startup" or "After the control plane deploys" ?
There was a problem hiding this comment.
Like if you don't have storage set up?
kalexand-rh
added
peer-review-done
bmcelvee
force-pushed
the
osdocs-154-registry-operator
branch
from
48f2ba6 to
d3a66cb
Compare
|
Going ahead and merging. Any additional updates can be made in follow-up PRs. |
7 participants
https://jira.coreos.com/browse/OSDOCS-154