$ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed"}}'- Documentation
- OpenShift Container Platform
- Registry
- Setting up and configuring the registry
- Configuring the registry for vSphere history
- About
- Release notes
- Architecture
-
Installing
-
Installing on AWS
- Configuring an AWS account
- Manually creating IAM
- Installing a cluster quickly on AWS
- Installing a cluster on AWS with customizations
- Installing a cluster on AWS with network customizations
- Installing a cluster on AWS into an existing VPC
- Installing a private cluster on AWS
- Installing a cluster on AWS using CloudFormation templates
- Installing a cluster on AWS in a restricted network
- Uninstalling a cluster on AWS
-
Installing on Azure
- Configuring an Azure account
- Manually creating IAM
- Installing a cluster quickly on Azure
- Installing a cluster on Azure with customizations
- Installing a cluster on Azure with network customizations
- Installing a cluster on Azure into an existing VNet
- Installing a private cluster on Azure
- Installing a cluster on Azure using ARM templates
- Uninstalling a cluster on Azure
-
Installing on GCP
- Configuring a GCP project
- Manually creating IAM
- Installing a cluster quickly on GCP
- Installing a cluster on GCP with customizations
- Installing a cluster on GCP with network customizations
- Installing a cluster on GCP into an existing VPC
- Installing a private cluster on GCP
- Installing a cluster on GCP using Deployment Manager templates
- Restricted network GCP installation
- Uninstalling a cluster on GCP
- Installing on bare metal
- Installing on IBM Z and LinuxONE
- Installing on IBM Power
- Installing on OpenStack
- Installing on vSphere
- Gathering installation logs
- Support for FIPS cryptography
- Installation configuration
-
Installing on AWS
- Updating clusters
- Support
- Web console
-
Authentication
- Understanding authentication
- Certificate types and descriptions
- Configuring the internal OAuth server
- Understanding identity provider configuration
-
Configuring identity providers
- Configuring an HTPasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Configuring certificates
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Configuring the user agent
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Managing Security Context Constraints
- Impersonating the system:admin user
- Syncing LDAP groups
- Allowing JavaScript-based access to the API server from additional hosts
- Encrypting etcd data
-
Networking
- Understanding networking
- Accessing hosts
- Understanding the Cluster Network Operator (CNO)
- Understanding the DNS Operator
- Understanding the Ingress Operator
- Network policy
-
Multiple networks
- Understanding multiple networks
- Attaching a Pod to an additional network
- Removing a Pod from an additional network
- Configuring a bridge network
- Configuring a macvlan network
- Configuring an ipvlan network
- Configuring a host-device network
- Editing an additional network
- Removing an additional network
- Configuring PTP
- Hardware networks
- OpenShift SDN default CNI network provider
- Configuring Routes
- Configuring ingress cluster traffic
- Configuring the cluster-wide proxy
- Configuring a custom PKI
-
Storage
- Understanding ephemeral storage
- Understanding persistent storage
-
Configuring persistent storage
- Persistent storage using Amazon EFS
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Azure Disk
- Persistent storage using Azure File
- Persistent storage using Cinder
- Persistent storage using Container Storage Interface (CSI)
- Persistent storage using Fibre Channel
- Persistent storage using FlexVolume
- Persistent storage using GCE Persistent Disk
- Persistent storage using hostPath
- Persistent Storage using iSCSI
- Persistent storage using local volumes
- Persistent storage using NFS
- Persistent storage using Red Hat OpenShift Container Storage
- Persistent storage using VMware vSphere
- Expanding persistent volumes
- Dynamic provisioning
- Registry
-
Operators
- Understanding Operators
- Understanding the Operator Lifecycle Manager (OLM)
- Understanding the OperatorHub
- Adding Operators to a cluster
- Configuring proxy support
- Deleting Operators from a cluster
- Creating applications from installed Operators
- Viewing Operator status
- Creating policy for Operator installations and upgrades
- Using OLM on restricted networks
- CRDs
- Operator SDK
-
Builds
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
- Creating and using ConfigMaps
- Images
- Applications
- Machine management
-
Nodes
- Working with pods
-
Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Configuring the default scheduler to control pod placement
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Using Jobs and DaemonSets
-
Working with nodes
- Viewing and listing the nodes in your cluster
- Working with nodes
- Managing Nodes
- Managing the maximum number of Pods per Node
- Using the Node Tuning Operator
- Understanding node rebooting
- Freeing node resources using garbage collection
- Allocating resources for nodes
- Viewing node audit logs
- Machine Config Daemon metrics
-
Working with containers
- Using containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Using sysctls in containers
- Working with clusters
-
Logging
- About cluster logging
- About deploying cluster logging
- Deploying cluster logging
- Updating cluster logging
- Viewing cluster logs
- Viewing cluster logs using Kibana
-
Configuring your cluster logging deployment
- About configuring cluster logging
- Changing cluster logging management state
- Configuring cluster logging
- Configuring Elasticsearch
- Configuring Kibana
- Configuring Curator
- Configuring the logging collector
- Collecting and storing Kubernetes events
- Using tolerations to control cluster logging pod placement
- Forward logs to third party systems
- Configuring systemd-journald for cluster logging
- Viewing Elasticsearch status
- Viewing cluster logging status
- Moving the cluster logging resources with node selectors
- Manually rolling out Elasticsearch
- Troubleshooting Kibana
- Exported fields
- Uninstalling cluster logging
- Monitoring
- Metering
-
Scalability and performance
- Recommended installation practices
- Recommended host practices
- Recommended cluster scaling practices
- Using the Node Tuning Operator
- Using Cluster Loader
- Using CPU Manager
- Using Topology Manager
- Scaling the Cluster Monitoring Operator
- Planning your environment according to object maximums
- Optimizing storage
- Optimizing routing
- What huge pages do and how they are consumed by apps
- Backup and restore
-
Migration
-
Migrating from OpenShift Container Platform 3
- About migrating from OpenShift Container Platform 3 to 4
- Planning your migration from OpenShift Container Platform 3 to 4
- Migration tools and prerequisites
- Deploying the Cluster Application Migration tool
- Configuring a replication repository
- Migrating applications with the CAM web console
- Migrating control plane settings with the Control Plane Migration Assistant
- Troubleshooting
- Migrating from OpenShift Container Platform 4.1
- Migrating from OpenShift Container Platform 4.2 and later
-
Migrating from OpenShift Container Platform 3
-
CLI tools
- OpenShift CLI (oc)
-
OpenShift Do developer CLI (odo)
- Understanding odo
- odo architecture
- Installing odo
- Using odo in a restricted environment
- Creating a single-component application with odo
- Creating a multicomponent application with odo
- Creating an application with a database
- Using sample applications
- Debugging applications in odo
- Managing environment variables in odo
- Configuring the odo CLI
- odo CLI reference
- odo release notes
- Helm CLI
- Knative CLI (kn) for use with OpenShift Serverless
- OpenShift REST APIs
-
Service Mesh
-
Service Mesh 1.x
- Service Mesh 1.x release notes
- Service Mesh architecture
- Service Mesh and Istio differences
- Preparing to install Service Mesh
- Installing Service Mesh
- Customizing the installation
- Deploying applications on Service Mesh
- Data visualization and observability
- Security
- Traffic management
- Using the 3scale Istio adapter
-
Service Mesh 1.x
- Jaeger
-
Container-native virtualization
- About container-native virtualization
- Container-native virtualization release notes
- Container-native virtualization installation
- Upgrading container-native virtualization
- Using the CLI tools
-
Virtual machines
- Creating virtual machines
- Editing virtual machines
- Deleting virtual machines
- Controlling virtual machines states
- Accessing virtual machine consoles
- Installing VirtIO driver on an existing Windows virtual machine
- Installing VirtIO driver on a new Windows virtual machine
- Advanced virtual machine management
- Importing virtual machines
- Cloning virtual machines
- Virtual machine networking
-
Virtual machine disks
- Configuring local storage for virtual machines
- Uploading local disk images by using the virtctl tool
- Uploading a local disk image to a block storage DataVolume
- Moving a local virtual machine disk to a different node
- Expanding virtual storage by adding blank disk images
- Storage defaults for DataVolumes
- Preparing CDI scratch space
- Virtual machine templates
- Live migration
- Node maintenance
- Logging, events, and monitoring
- Serverless applications
×
Configuring the registry for vSphere
Image registry removed during installation
On platforms that do not provide shareable object storage, the OpenShift Image
Registry Operator bootstraps itself as Removed. This allows
openshift-installer to complete installations on these platform types.
After installation, you must edit the Image Registry Operator configuration to
switch the managementState from Removed to Managed.
|
The Prometheus console provides an "Image Registry has been removed. |
Changing the image registry’s management state
To start the image registry, you must change the Image Registry Operator configuration’s managementState from Removed to Managed.
Procedure
-
Change
managementStateImage Registry Operator configuration fromRemovedtoManaged. For example:
Image registry storage configuration
The image-registry Operator is not initially available for platforms that do
not provide default storage. After installation, you must configure your
registry to use storage so the Registry Operator is made available.
Instructions for both configuring a PersistentVolume, which is required for production clusters, and for configuring an empty directory as the storage location, which is available for only non-production clusters, are shown.
Configuring registry storage for VMware vSphere
As a cluster administrator, following installation you must configure your registry to use storage.
Prerequisites
-
Cluster administrator permissions.
-
A cluster on VMware vSphere.
-
Provision persistent storage for your cluster. To deploy a private image registry, your storage must provide ReadWriteMany access mode.
vSphere volumes do not support the
ReadWriteManyaccess mode. You must use a different storage backend, such asNFS, to configure the registry storage. -
Must have "100Gi" capacity.
|
Testing shows issues with using the NFS server on RHEL as storage backend for core services. This includes the OpenShift Container Registry and Quay, Prometheus for monitoring storage, and Elasticsearch for logging storage. Therefore, using RHEL NFS to back PVs used by core services is not recommended. Other NFS implementations on the marketplace might not have these issues. Contact the individual NFS implementation vendor for more information on any testing that was possibly completed against these OpenShift Container Platform core components. |
Procedure
-
To configure your registry to use storage, change the
spec.storage.pvcin theconfigs.imageregistry/clusterresource.When using shared storage such as NFS, it is strongly recommended to use the
supplementalGroupsstrategy, which dictates the allowable supplemental groups for the Security Context, rather than thefsGroupID. Refer to the NFS Group IDs documentation for details. -
Verify you do not have a registry Pod:
$ oc get pod -n openshift-image-registry
-
If the storage type is
emptyDIR, the replica number cannot be greater than1. -
If the storage type is
NFS, you must enable theno_wdelayandroot_squashmount options. For example:# cat /etc/exports /mnt/data *(rw,sync,no_wdelay,root_squash,insecure,fsid=0) sh-4.3# exportfs -rv exporting *:/mnt/data
-
-
Check the registry configuration:
$ oc edit configs.imageregistry.operator.openshift.io storage: pvc: claim:Leave the
claimfield blank to allow the automatic creation of animage-registry-storagePVC. -
Optional: Add a new storage class to a PV:
-
Create the PV:
$ oc create -f -
apiVersion: v1 kind: PersistentVolume metadata: name: image-registry-pv spec: accessModes: - ReadWriteMany capacity: storage: 100Gi nfs: path: /registry server: 172.16.231.181 persistentVolumeReclaimPolicy: Retain storageClassName: nfs01$ oc get pv
-
Create the PVC:
$ oc create -n openshift-image-registry -f -
apiVersion: "v1" kind: "PersistentVolumeClaim" metadata: name: "image-registry-pvc" spec: accessModes: - ReadWriteMany resources: requests: storage: 100Gi storageClassName: nfs01 volumeMode: Filesystem$ oc get pvc -n openshift-image-registry
Finally, add the name of your PVC:
$ oc edit configs.imageregistry.operator.openshift.io -o yaml
storage: pvc: claim: image-registry-pvc (1)1 Creating a custom PVC allows you to leave the claimfield blank for default automatic creation of animage-registry-storagePVC.
-
-
Check the
clusteroperatorstatus:$ oc get clusteroperator image-registry
See Group IDs for additional details about using supplemental groups to handle NFS access.
Configuring storage for the image registry in non-production clusters
You must configure storage for the image registry Operator. For non-production clusters, you can set the image registry to an empty directory. If you do so, all images are lost if you restart the registry.
Procedure
-
To set the image registry storage to an empty directory:
$ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'Configure this option for only non-production clusters.
If you run this command before the Image Registry Operator initializes its components, the
oc patchcommand fails with the following error:Error from server (NotFound): configs.imageregistry.operator.openshift.io "cluster" not found
Wait a few minutes and run the command again.
Additional resources
For more details about configuring registry storage for vSphere, see Recommended configurable storage technology.