osdocs-154 Document Registry Operator #14476
Merged
bmcelvee
merged 1 commit into
openshift:enterprise-4.1
from
bmcelvee:osdocs-154-registry-operator
May 10, 2019
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| // Module included in the following assemblies: | ||
| // | ||
| // * openshift_images/configuring-registry-operator.adoc | ||
|
|
||
|
|
||
| [id="registry-operator-config-resources-{context}"] | ||
| = Image Registry Operator configuration resources | ||
|
|
||
| In addition to the `configs.imageregistry.operator.openshift.io` resource, | ||
| additional configuration is provided to the Operator by separate ConfigMap and | ||
| Secret resources located within the `openshift-image-registry` namespace. | ||
|
|
||
| .Prerequisites | ||
| * The CAs must be PEM-encoded. | ||
|
|
||
| .Procedure | ||
|
|
||
| You can create a ConfigMap in the `openshift-config` namespace and use its name | ||
| in `AdditionalTrustedCA` in the `image.config.openshift.io` resource to provide | ||
| additional CAs that should be trusted when contacting external registries. The | ||
| key is the host name of a registry with the port for which this CA is to be | ||
| trusted. The `image-registry-private-configuration-user`(Secret) provides | ||
| credentials needed for storage access and management. It overrides the default | ||
| credentials used by the Operator, if default credentials were found. | ||
|
|
||
| .Image registry CA example | ||
| [source,yaml] | ||
| ---- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: my-registry-ca | ||
| data: | ||
| registry.example.com: | | ||
| -----BEGIN CERTIFICATE----- | ||
| ... | ||
| -----END CERTIFICATE----- | ||
| registry-with-port.example.com..5000: | <1> | ||
| -----BEGIN CERTIFICATE----- | ||
| ... | ||
| -----END CERTIFICATE----- | ||
| ---- | ||
|
|
||
|
|
||
| <1> If the registry has the port, such as `registry-with-port.example.com:5000`. | ||
| : should be replaced with `..`. | ||
|
|
||
| For S3 storage the ConfigMap is expected to contain two keys: | ||
|
|
||
| * REGISTRY_STORAGE_S3_ACCESSKEY | ||
| * REGISTRY_STORAGE_S3_SECRETKEY |
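
Review bot: In the closing paragraph, "For S3 storage the ConfigMap is expected to contain two keys" names the wrong resource type. `REGISTRY_STORAGE_S3_ACCESSKEY` and `REGISTRY_STORAGE_S3_SECRETKEY` are storage credentials, and the .Procedure paragraph says storage credentials come from the `image-registry-private-configuration-user` Secret. Change "ConfigMap" to "Secret" there so readers do not place access keys in a ConfigMap. Separately, the `my-registry-ca` example has no `namespace: openshift-config` in its metadata although the text requires that namespace, and the .Procedure block is a descriptive paragraph rather than steps.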
54 changes: 54 additions & 0 deletions
modules/registry-operator-configuration-resource-overview.adoc
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| // Module included in the following assemblies: | ||
| // | ||
| // * openshift_images/configuring-registry-operator.adoc | ||
|
|
||
|
|
||
| [id="registry-operator-configuration-resource-overview-{context}"] | ||
| = Image Registry Operator configuration parameters | ||
|
|
||
| The `configs.imageregistry.operator.openshift.io` resource offers the following | ||
| configuration parameters. | ||
|
|
||
| [cols="3a,8a",options="header"] | ||
| |=== | ||
| |Parameter |Description | ||
|
|
||
| |`ManagementState` | ||
| |`Managed`: The Operator updates the registry as configuration resources | ||
| are updated. | ||
| `Unmanaged`: The Operator ignores changes to the configuration resources. | ||
|
|
||
| |`Removed` | ||
| |The Operator removes the registry instance and tear down any | ||
| storage that the Operator provisioned. | ||
|
|
||
| |`Logging` | ||
| |Sets `loglevel` of the registry instance. | ||
|
|
||
| |`HTTPSecret` | ||
| |Value needed by the registry to secure uploads, generated by default. | ||
|
|
||
| |`Proxy` | ||
| |Defines the Proxy to be used when calling master API | ||
| and upstream registries. | ||
|
|
||
| |`Storage` | ||
| |`Storagetype`: Details for configuring registry storage, for example S3 bucket | ||
| coordinates. Normally configured by default. | ||
|
|
||
| |`Requests` | ||
| |API Request Limit details. Controls how many parallel requests a given registry | ||
| instance will handle before queuing additional requests. | ||
|
|
||
| |`DefaultRoute` | ||
| |Determines whether or not an external route is defined using the default | ||
| hostname. If enabled, the route uses re-encrypt encryption. Defaults to false. | ||
|
|
||
| |`Routes` | ||
| |Array of additional routes to create. You provide the hostname and certificate | ||
| for the route. | ||
|
|
||
| |`Replicas` | ||
| |Replica count for the registry. | ||
|
|
||
| |=== |
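
Review bot: The `Removed` row in the parameter table reads as a third `ManagementState` value, not a parameter of its own: its description parallels the `Managed` and `Unmanaged` entries in the row directly above. Fold it into the `ManagementState` cell and fix the verb agreement ("removes the registry instance and tears down"). In the `Storage` row, the `Storagetype:` prefix is not explained and looks like a placeholder; either name the actual sub-field or drop the prefix.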
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| // Module included in the following assemblies: | ||
| // | ||
| // * openshift_images/configuring-registry-operator.adoc | ||
|
|
||
|
|
||
| [id="registry-operator-default-crd-{context}"] | ||
| = Securing the Image Registry with the Custom Resource Definition | ||
|
|
||
| In {product-title}, the `Registry` Operator controls the registry feature. The | ||
| Operator is defined by the `configs.imageregistry.operator.openshift.io` Custom | ||
| Resource Definition (CRD). | ||
|
|
||
| If you need to automatically secure the Image Registry, patch the Image Registry | ||
| Operator CRD. | ||
|
|
||
| .Procedure | ||
|
|
||
| * Patch the Image Registry Operator CRD: | ||
| + | ||
| ---- | ||
| $ oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{"spec":{"defaultRoute":false}}' | ||
| ---- | ||
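
Review bot: The title and intro promise to secure the registry by patching the CRD, but the only step sets `defaultRoute` to `false` on `configs.imageregistry.operator.openshift.io/cluster`, which is a resource instance rather than the CRD, and nothing states how that secures the registry. The parameters module in this same PR says `DefaultRoute` "Defaults to false", so on a default cluster the command changes nothing. Either retitle the module to describe disabling the default external route, or state the security outcome and say "resource" instead of "CRD".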
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| [id=configuring-registry-operator’] | ||
| = Image Registry Operator in {product-title} | ||
| include::modules/common-attributes.adoc[] | ||
| :context: configuring-registry-operator | ||
| toc::[] | ||
|
|
||
| The Image Registry Operator installs a single instance of the {product-title} | ||
| registry, and it manages all configuration of the registry, including setting up | ||
| registry storage. | ||
|
|
||
| [NOTE] | ||
| ==== | ||
| Storage is only automatically configured when you install on Amazon Web Services. | ||
| ==== | ||
|
|
||
| After the control plane deploys, the Operator will create a default | ||
| `configs.imageregistry.operator.openshift.io` resource instance based on | ||
| configuration detected in the cluster. | ||
|
|
||
| If insufficient information is available to define a complete | ||
| `configs.imageregistry.operator.openshift.io` resource, the incomplete resource | ||
| will be defined and the operator will update the resource status with | ||
| information about what is missing. | ||
|
|
||
| The Image Registry Operator runs in the `openshift-image-registry` namespace, | ||
| and manages the registry instance in that location as well. All configuration | ||
| and workload resources for the registry reside in that namespace. | ||
|
|
||
| .Prerequisites | ||
|
|
||
| * Deploy an {product-title} cluster. | ||
|
|
||
| include::modules/registry-operator-configuration-resource-overview.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/registry-operator-config-resources.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/registry-operator-default-crd.adoc[leveloffset=+1] |
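
Review bot: The anchor on the first line, `[id=configuring-registry-operator’]`, ends with a stray typographic quote and has no opening quote, so the ID is malformed; use `[id='configuring-registry-operator']`. Also, "the operator" in the paragraph about incomplete resources should be capitalized as "the Operator" to match the rest of the file.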
The process doesn't match the title.