$ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed"}}'On platforms that do not provide shareable object storage, the OpenShift Image Registry Operator bootstraps itself as Removed. This allows openshift-installer to complete installations on these platform types.
After installation, you must edit the Image Registry Operator configuration to switch the managementState from Removed to Managed.
To start the image registry, you must change the Image Registry Operator configuration’s managementState from Removed to Managed.
Change managementState Image Registry Operator configuration from Removed to Managed. For example:
$ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed"}}'The Image Registry Operator is not initially available for platforms that do not provide default storage. After installation, you must configure your registry to use storage so that the Registry Operator is made available.
Instructions are shown for configuring a persistent volume, which is required for production clusters. Where applicable, instructions are shown for configuring an empty directory as the storage location, which is available for only non-production clusters.
Additional instructions are provided for allowing the image registry to use block storage types by using the Recreate rollout strategy during upgrades.
As a cluster administrator, following installation you must configure your registry to use storage.
Cluster administrator permissions.
A cluster on VMware vSphere.
Persistent storage provisioned for your cluster, such as Red Hat OpenShift Data Foundation.
| OKD supports  | 
Must have "100Gi" capacity.
| Testing shows issues with using the NFS server on RHEL as storage backend for core services. This includes the OpenShift Container Registry and Quay, Prometheus for monitoring storage, and Elasticsearch for logging storage. Therefore, using RHEL NFS to back PVs used by core services is not recommended. Other NFS implementations on the marketplace might not have these issues. Contact the individual NFS implementation vendor for more information on any testing that was possibly completed against these OKD core components. | 
To configure your registry to use storage, change the spec.storage.pvc in the configs.imageregistry/cluster resource.
| When you use shared storage, review your security settings to prevent outside access. | 
Verify that you do not have a registry pod:
$ oc get pod -n openshift-image-registry -l docker-registry=defaultNo resourses found in openshift-image-registry namespace| If you do have a registry pod in your output, you do not need to continue with this procedure. | 
Check the registry configuration:
$ oc edit configs.imageregistry.operator.openshift.iostorage:
  pvc:
    claim: (1)| 1 | Leave the claimfield blank to allow the automatic creation of animage-registry-storagepersistent volume claim (PVC). The PVC is generated based on the default storage class. However, be aware that the default storage class might provide ReadWriteOnce (RWO) volumes, such as a RADOS Block Device (RBD), which can cause issues when you replicate to more than one replica. | 
Check the clusteroperator status:
$ oc get clusteroperator image-registryNAME             VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
image-registry   4.7                                  True        False         False      6h50mYou must configure storage for the Image Registry Operator. For non-production clusters, you can set the image registry to an empty directory. If you do so, all images are lost if you restart the registry.
To set the image registry storage to an empty directory:
$ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'| Configure this option for only non-production clusters. | 
If you run this command before the Image Registry Operator initializes its
components, the oc patch command fails with the following error:
Error from server (NotFound): configs.imageregistry.operator.openshift.io "cluster" not foundWait a few minutes and run the command again.
To allow the image registry to use block storage types such as vSphere Virtual Machine Disk (VMDK) during upgrades as a cluster administrator, you can use the Recreate rollout strategy.
| Block storage volumes are supported but not recommended for use with image registry on production clusters. An installation where the registry is configured on block storage is not highly available because the registry cannot have more than one replica. | 
Enter the following command to set the image registry storage as a block storage type, patch the registry so that it uses the Recreate rollout strategy, and runs with only 1 replica:
$ oc patch config.imageregistry.operator.openshift.io/cluster --type=merge -p '{"spec":{"rolloutStrategy":"Recreate","replicas":1}}'Provision the PV for the block storage device, and create a PVC for that volume. The requested block volume uses the ReadWriteOnce (RWO) access mode.
Create a pvc.yaml file with the following contents to define a VMware vSphere PersistentVolumeClaim object:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: image-registry-storage (1)
  namespace: openshift-image-registry (2)
spec:
  accessModes:
  - ReadWriteOnce (3)
  resources:
    requests:
      storage: 100Gi (4)| 1 | A unique name that represents the PersistentVolumeClaimobject. | 
| 2 | The namespace for the PersistentVolumeClaimobject, which isopenshift-image-registry. | 
| 3 | The access mode of the persistent volume claim. With ReadWriteOnce, the volume can be mounted with read and write permissions by a single node. | 
| 4 | The size of the persistent volume claim. | 
Enter the following command to create the PersistentVolumeClaim object from the file:
$ oc create -f pvc.yaml -n openshift-image-registryEnter the following command to edit the registry configuration so that it references the correct PVC:
$ oc edit config.imageregistry.operator.openshift.io -o yamlstorage:
  pvc:
    claim: (1)| 1 | By creating a custom PVC, you can leave the claimfield blank for the default automatic creation of animage-registry-storagePVC. | 
For instructions about configuring registry storage so that it references the correct PVC, see Configuring the registry for vSphere.
Red Hat OpenShift Data Foundation integrates multiple storage types that you can use with the OpenShift image registry:
Ceph, a shared and distributed file system and on-premises object storage
NooBaa, providing a Multicloud Object Gateway
This document outlines the procedure to configure the image registry to use Ceph RGW storage.
You have access to the cluster as a user with the cluster-admin role.
You have access to the OKD web console.
You installed the oc CLI.
You installed the OpenShift Data Foundation Operator to provide object storage and Ceph RGW object storage.
Create the object bucket claim using the ocs-storagecluster-ceph-rgw storage class. For example:
cat <<EOF | oc apply -f -
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
  name: rgwbucket
  namespace: openshift-storage (1)
spec:
  storageClassName: ocs-storagecluster-ceph-rgw
  generateBucketName: rgwbucket
EOF| 1 | Alternatively, you can use the openshift-image-registrynamespace. | 
Get the bucket name by entering the following command:
$ bucket_name=$(oc get obc -n openshift-storage rgwbucket -o jsonpath='{.spec.bucketName}')Get the AWS credentials by entering the following commands:
$ AWS_ACCESS_KEY_ID=$(oc get secret -n openshift-storage rgwbucket -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 --decode)$ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage rgwbucket -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode)Create the secret image-registry-private-configuration-user with the AWS credentials for the new bucket under openshift-image-registry project by entering the following command:
$ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY=${AWS_ACCESS_KEY_ID} --from-literal=REGISTRY_STORAGE_S3_SECRETKEY=${AWS_SECRET_ACCESS_KEY} --namespace openshift-image-registryGet the buckethost value by entering the following command:
$ route_host=$(oc get objectbucket $bucket_name -n openshift-storage -o=jsonpath='{.spec.endpoint.bucketHost}')Create a config map that uses an ingress certificate by entering the following commands:
$ oc extract secret/router-certs-default  -n openshift-ingress  --confirm$ oc create configmap image-registry-s3-bundle --from-file=ca-bundle.crt=./tls.crt  -n openshift-configConfigure the image registry to use the Ceph RGW object storage by entering the following command:
$ oc patch config.image/cluster -p '{"spec":{"managementState":"Managed","replicas":2,"storage":{"managementState":"Unmanaged","s3":{"bucket":'\"${bucket_name}\"',"region":"us-east-1","regionEndpoint":'\"https://${route_host}\"',"virtualHostedStyle":false,"encrypt":false,"trustedCA":{"name":"image-registry-s3-bundle"}}}}}' --type=mergeRed Hat OpenShift Data Foundation integrates multiple storage types that you can use with the OpenShift image registry:
Ceph, a shared and distributed file system and on-premises object storage
NooBaa, providing a Multicloud Object Gateway
This document outlines the procedure to configure the image registry to use Noobaa storage.
You have access to the cluster as a user with the cluster-admin role.
You have access to the OKD web console.
You installed the oc CLI.
You installed the OpenShift Data Foundation Operator to provide object storage and Noobaa object storage.
Create the object bucket claim using the openshift-storage.noobaa.io storage class. For example:
cat <<EOF | oc apply -f -
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
  name: noobaatest
  namespace: openshift-storage (1)
spec:
  storageClassName: openshift-storage.noobaa.io
  generateBucketName: noobaatest
EOF| 1 | Alternatively, you can use the openshift-image-registrynamespace. | 
Get the bucket name by entering the following command:
$ bucket_name=$(oc get obc -n openshift-storage noobaatest -o jsonpath='{.spec.bucketName}')Get the AWS credentials by entering the following commands:
$ AWS_ACCESS_KEY_ID=$(oc get secret -n openshift-storage noobaatest -o yaml | grep -w "AWS_ACCESS_KEY_ID:" | head -n1 | awk '{print $2}' | base64 --decode)$ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage noobaatest -o yaml | grep -w "AWS_SECRET_ACCESS_KEY:" | head -n1 | awk '{print $2}' | base64 --decode)Create the secret image-registry-private-configuration-user with the AWS credentials for the new bucket under openshift-image-registry project by entering the following command:
$ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY=${AWS_ACCESS_KEY_ID} --from-literal=REGISTRY_STORAGE_S3_SECRETKEY=${AWS_SECRET_ACCESS_KEY} --namespace openshift-image-registryGet the route host by entering the following command:
$ route_host=$(oc get route s3 -n openshift-storage -o=jsonpath='{.spec.host}')Create a config map that uses an ingress certificate by entering the following commands:
$ oc extract secret/router-certs-default  -n openshift-ingress  --confirm$ oc create configmap image-registry-s3-bundle --from-file=ca-bundle.crt=./tls.crt  -n openshift-configConfigure the image registry to use the Nooba object storage by entering the following command:
$ oc patch config.image/cluster -p '{"spec":{"managementState":"Managed","replicas":2,"storage":{"managementState":"Unmanaged","s3":{"bucket":'\"${bucket_name}\"',"region":"us-east-1","regionEndpoint":'\"https://${route_host}\"',"virtualHostedStyle":false,"encrypt":false,"trustedCA":{"name":"image-registry-s3-bundle"}}}}}' --type=mergeRed Hat OpenShift Data Foundation integrates multiple storage types that you can use with the OpenShift image registry:
Ceph, a shared and distributed file system and on-premises object storage
NooBaa, providing a Multicloud Object Gateway
This document outlines the procedure to configure the image registry to use CephFS storage.
| CephFS uses persistent volume claim (PVC) storage. It is not recommended to use PVCs for image registry storage if there are other options are available, such as Ceph RGW or Noobaa. | 
You have access to the cluster as a user with the cluster-admin role.
You have access to the OKD web console.
You installed the oc CLI.
You installed the OpenShift Data Foundation Operator to provide object storage and CephFS file storage.
Create a PVC to use the cephfs storage class. For example:
cat <<EOF | oc apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
 name: registry-storage-pvc
 namespace: openshift-image-registry
spec:
 accessModes:
 - ReadWriteMany
 resources:
   requests:
     storage: 100Gi
 storageClassName: ocs-storagecluster-cephfs
EOFConfigure the image registry to use the CephFS file system storage by entering the following command:
$ oc patch config.image/cluster -p '{"spec":{"managementState":"Managed","replicas":2,"storage":{"managementState":"Unmanaged","pvc":{"claim":"registry-storage-pvc"}}}}' --type=merge