This is a cache of https://docs.okd.io/latest/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.html. It is a snapshot of the page at 2024-11-23T19:46:54.563+0000.
Config [imageregistry.operator.openshift.io/v1] - Operator APIs | API reference | OKD 4
Description

Config is the configuration object for a registry instance managed by the registry operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).

Type

object

Required
  • metadata

  • spec

Specification

Property Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ImageRegistrySpec defines the specs for the running registry.

status

object

ImageRegistryStatus reports image registry operational status.

.spec

Description

ImageRegistrySpec defines the specs for the running registry.

Type

object

Required
  • replicas

Property Type Description

affinity

object

affinity is a group of node affinity scheduling rules for the image registry pod(s).

defaultRoute

boolean

defaultRoute indicates whether an external facing route for the registry should be created using the default generated hostname.

disableRedirect

boolean

disableRedirect controls whether to route all data through the Registry, rather than redirecting to the backend.

httpSecret

string

httpSecret is the value needed by the registry to secure uploads, generated by default.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

logging

integer

logging is deprecated, use logLevel instead.

managementState

string

managementState indicates whether and how the operator should manage the component

nodeSelector

object (string)

nodeSelector defines the node selection constraints for the registry pod.

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

proxy

object

proxy defines the proxy to be used when calling master api, upstream registries, etc.

readOnly

boolean

readOnly indicates whether the registry instance should reject attempts to push new images or delete existing ones.

replicas

integer

replicas determines the number of registry instances to run.

requests

object

requests controls how many parallel requests a given registry instance will handle before queuing additional requests.

resources

object

resources defines the resource requests+limits for the registry pod.

rolloutStrategy

string

rolloutStrategy defines rollout strategy for the image registry deployment.

routes

array

routes defines additional external facing routes which should be created for the registry.

routes[]

object

ImageRegistryConfigRoute holds information on external route access to image registry.

storage

object

storage details for configuring registry storage, e.g. S3 bucket coordinates.

tolerations

array

tolerations defines the tolerations for the registry pod.

tolerations[]

object

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.

topologySpreadConstraints

array

topologySpreadConstraints specify how to spread matching pods among the given topology.

topologySpreadConstraints[]

object

TopologySpreadConstraint specifies how to spread matching pods among the given topology.

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
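
The constraints stated in the .spec table above can be checked before a Config is applied. The following is an added example, not code from OKD or the registry operator; the function name `audit_registry_spec`, the severity labels and the sample manifest are constructed for illustration.

```python
import json

# Log levels this page lists as valid for logLevel and operatorLogLevel.
VALID_LOG_LEVELS = ("Normal", "Debug", "Trace", "TraceAll")

# Constructed sample manifest for the example (not taken from a real cluster).
SAMPLE_CONFIG = json.loads("""
{
  "apiVersion": "imageregistry.operator.openshift.io/v1",
  "kind": "Config",
  "metadata": {"name": "constructed-example"},
  "spec": {
    "defaultRoute": true,
    "logLevel": "Verbose",
    "logging": 4,
    "unsupportedConfigOverrides": {"constructed": "override"},
    "routes": [{"name": "constructed-route"}]
  }
}
""")


def audit_registry_spec(config):
    """Return a list of (severity, field, message) findings for a Config dict."""
    findings = []

    def add(severity, field, message):
        findings.append((severity, field, message))

    # metadata and spec are the required top-level properties.
    for field in ("metadata", "spec"):
        if field not in config:
            add("error", field, "required top-level field is missing")
    spec = config.get("spec") or {}

    # replicas is the only required property of .spec and is typed as integer.
    replicas = spec.get("replicas")
    if replicas is None:
        add("error", "spec.replicas", "required field is missing")
    elif isinstance(replicas, bool) or not isinstance(replicas, int):
        add("error", "spec.replicas", "must be an integer")

    for field in ("logLevel", "operatorLogLevel"):
        value = spec.get(field)
        # Assumption: an unset or empty value falls back to the documented default.
        if value not in (None, "") and value not in VALID_LOG_LEVELS:
            add("error", f"spec.{field}", f"{value!r} is not one of {VALID_LOG_LEVELS}")

    if "logging" in spec:
        add("warn", "spec.logging", "deprecated, use logLevel instead")

    if spec.get("unsupportedConfigOverrides"):
        add("warn", "spec.unsupportedConfigOverrides",
            "unsupported; blocks cluster upgrades until removed")

    # Fields that create external facing routes are reported for exposure review.
    if spec.get("defaultRoute") is True:
        add("info", "spec.defaultRoute",
            "an external facing route with the default generated hostname is created")
    routes = spec.get("routes") or []
    if routes:
        add("info", "spec.routes", f"{len(routes)} additional external facing route(s)")

    return findings


if __name__ == "__main__":
    for severity, field, message in audit_registry_spec(SAMPLE_CONFIG):
        print(f"{severity:5} {field}: {message}")
```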

.spec.affinity

Description

affinity is a group of node affinity scheduling rules for the image registry pod(s).

Type

object

Property Type Description

nodeAffinity

object

Describes node affinity scheduling rules for the pod.

podAffinity

object

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

object

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

.spec.affinity.nodeAffinity

Description

Describes node affinity scheduling rules for the pod.

Type

object

Property Type Description

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).

requiredDuringSchedulingIgnoredDuringExecution

object

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

Type

array

.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description

An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).

Type

object

Required
  • preference

  • weight

Property Type Description

preference

object

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference

Description

A node selector term, associated with the corresponding weight.

Type

object

Property Type Description

matchExpressions

array

A list of node selector requirements by node’s labels.

matchExpressions[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchFields

array

A list of node selector requirements by node’s fields.

matchFields[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions

Description

A list of node selector requirements by node’s labels.

Type

array

.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]

Description

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields

Description

A list of node selector requirements by node’s fields.

Type

array

.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]

Description

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

Type

object

Required
  • nodeSelectorTerms

Property Type Description

nodeSelectorTerms

array

Required. A list of node selector terms. The terms are ORed.

nodeSelectorTerms[]

object

A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.

.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms

Description

Required. A list of node selector terms. The terms are ORed.

Type

array

.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]

Description

A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.

Type

object

Property Type Description

matchExpressions

array

A list of node selector requirements by node’s labels.

matchExpressions[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchFields

array

A list of node selector requirements by node’s fields.

matchFields[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions

Description

A list of node selector requirements by node’s labels.

Type

array

.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]

Description

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields

Description

A list of node selector requirements by node’s fields.

Type

array

.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]

Description

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
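
The node affinity rules documented above (required terms ORed, requirements within a term ANDed, per-operator rules for the values array, and the weight sum for preferred terms) can be traced on a small cluster. This is an added example, not scheduler or operator code; the node names, the `example.test/*` labels and the representation of a node as a dict with `labels` and `fields` are assumptions.

```python
def requirement_matches(req, attrs):
    """Evaluate one node selector requirement against a dict of labels (or fields)."""
    key, op = req["key"], req["operator"]
    values = req.get("values") or []
    if op in ("In", "NotIn"):
        if not values:
            raise ValueError(f"{op}: values array must be non-empty")
        hit = key in attrs and attrs[key] in values
        # A node without the key satisfies NotIn (Kubernetes selector behaviour,
        # not stated on this page).
        return hit if op == "In" else not hit
    if op in ("Exists", "DoesNotExist"):
        if values:
            raise ValueError(f"{op}: values array must be empty")
        return (key in attrs) == (op == "Exists")
    if op in ("Gt", "Lt"):
        if len(values) != 1:
            raise ValueError(f"{op}: values array must have a single element")
        bound = int(values[0])  # interpreted as an integer; ValueError otherwise
        try:
            actual = int(attrs[key])
        except (KeyError, ValueError):
            return False  # assumption: absent or non-integer value never matches
        return actual > bound if op == "Gt" else actual < bound
    raise ValueError(f"unknown operator {op!r}")


def term_matches(term, node):
    """Requirements in one term are ANDed; a null or empty term matches nothing."""
    exprs = (term or {}).get("matchExpressions") or []
    fields = (term or {}).get("matchFields") or []
    if not exprs and not fields:
        return False
    return (all(requirement_matches(r, node["labels"]) for r in exprs)
            and all(requirement_matches(r, node.get("fields", {})) for r in fields))


def passes_required(node_affinity, node):
    """nodeSelectorTerms are ORed: one matching term is enough."""
    required = node_affinity.get("requiredDuringSchedulingIgnoredDuringExecution")
    if required is None:
        return True
    return any(term_matches(t, node) for t in required["nodeSelectorTerms"])


def preferred_score(node_affinity, node):
    """Sum the weights of all preferred terms whose preference matches the node."""
    total = 0
    for pref in node_affinity.get("preferredDuringSchedulingIgnoredDuringExecution") or []:
        weight = pref["weight"]
        if not 1 <= weight <= 100:
            raise ValueError("weight must be in the range 1-100")
        if term_matches(pref["preference"], node):
            total += weight
    return total


def rank_nodes(node_affinity, nodes):
    """Drop nodes failing the required rules, then order by descending score."""
    scored = [(n["name"], preferred_score(node_affinity, n))
              for n in nodes if passes_required(node_affinity, n)]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


# Constructed sample data (not from a real cluster).
ZONE = "topology.kubernetes.io/zone"
SAMPLE_NODES = [
    {"name": "node-a", "labels": {"kubernetes.io/os": "linux", ZONE: "zone-1",
                                  "example.test/disk": "ssd", "example.test/cores": "16"}},
    {"name": "node-b", "labels": {"kubernetes.io/os": "linux", ZONE: "zone-2",
                                  "example.test/cores": "4"}},
    {"name": "node-c", "labels": {"kubernetes.io/os": "windows", ZONE: "zone-1",
                                  "example.test/disk": "ssd"}},
]
SAMPLE_AFFINITY = {
    "requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [
        {"matchExpressions": [
            {"key": "kubernetes.io/os", "operator": "In", "values": ["linux"]}]},
    ]},
    "preferredDuringSchedulingIgnoredDuringExecution": [
        {"weight": 60, "preference": {"matchExpressions": [
            {"key": "example.test/disk", "operator": "Exists"}]}},
        {"weight": 30, "preference": {"matchExpressions": [
            {"key": "example.test/cores", "operator": "Gt", "values": ["8"]}]}},
        {"weight": 10, "preference": {"matchExpressions": [
            {"key": ZONE, "operator": "NotIn", "values": ["zone-1"]}]}},
    ],
}

if __name__ == "__main__":
    print(rank_nodes(SAMPLE_AFFINITY, SAMPLE_NODES))
```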

.spec.affinity.podAffinity

Description

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

Type

object

Property Type Description

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)

requiredDuringSchedulingIgnoredDuringExecution

array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

requiredDuringSchedulingIgnoredDuringExecution[]

object

Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

Type

array

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description

The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)

Type

object

Required
  • podAffinityTerm

  • weight

Property Type Description

podAffinityTerm

object

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm

Description

Required. A pod affinity term, associated with the corresponding weight.

Type

object

Required
  • topologyKey

Property Type Description

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector

Description

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector

Description

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

Type

array

.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]

Description

Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running

Type

object

Required
  • topologyKey

Property Type Description

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector

Description

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector

Description

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.affinity.podAntiAffinity

Description

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

Type

object

Property Type Description

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)

requiredDuringSchedulingIgnoredDuringExecution

array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

requiredDuringSchedulingIgnoredDuringExecution[]

object

Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

Type

array

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description

The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)

Type

object

Required
  • podAffinityTerm

  • weight

Property Type Description

podAffinityTerm

object

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm

Description

Required. A pod affinity term, associated with the corresponding weight.

Type

object

Required
  • topologyKey

Property Type Description

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector

Description

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector

Description

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

Type

array

.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]

Description

Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running

Type

object

Required
  • topologyKey

Property Type Description

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector

Description

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector

Description

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.proxy

Description

proxy defines the proxy to be used when calling master api, upstream registries, etc.

Type

object

Property Type Description

http

string

http defines the proxy to be used by the image registry when accessing HTTP endpoints.

https

string

https defines the proxy to be used by the image registry when accessing HTTPS endpoints.

noProxy

string

noProxy defines a comma-separated list of host names that shouldn’t go through any proxy.

.spec.requests

Description

requests controls how many parallel requests a given registry instance will handle before queuing additional requests.

Type

object

Property Type Description

read

object

read defines limits for image registry’s reads.

write

object

write defines limits for image registry’s writes.

.spec.requests.read

Description

read defines limits for image registry’s reads.

Type

object

Property Type Description

maxInQueue

integer

maxInQueue sets the maximum queued api requests to the registry.

maxRunning

integer

maxRunning sets the maximum in flight api requests to the registry.

maxWaitInQueue

string

maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected.

.spec.requests.write

Description

write defines limits for image registry’s writes.

Type

object

Property Type Description

maxInQueue

integer

maxInQueue sets the maximum queued api requests to the registry.

maxRunning

integer

maxRunning sets the maximum in flight api requests to the registry.

maxWaitInQueue

string

maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected.

.spec.resources

Description

resources defines the resource requests+limits for the registry pod.

Type

object

Property Type Description

claims

array

Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.

claims[]

object

ResourceClaim references one entry in PodSpec.ResourceClaims.

limits

integer-or-string

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

requests

integer-or-string

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

.spec.resources.claims

Description

Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.

Type

array

.spec.resources.claims[]

Description

ResourceClaim references one entry in PodSpec.ResourceClaims.

Type

object

Required
  • name

Property Type Description

name

string

Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.

.spec.routes

Description

routes defines additional external facing routes which should be created for the registry.

Type

array

.spec.routes[]

Description

ImageRegistryConfigRoute holds information on external route access to image registry.

Type

object

Required
  • name

Property Type Description

hostname

string

hostname for the route.

name

string

name of the route to be created.

secretName

string

secretName points to secret containing the certificates to be used by the route.

.spec.storage

Description

storage details for configuring registry storage, e.g. S3 bucket coordinates.

Type

object

Property Type Description

azure

object

azure represents configuration that uses Azure Blob Storage.

emptyDir

object

emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.

gcs

object

gcs represents configuration that uses Google Cloud Storage.

ibmcos

object

ibmcos represents configuration that uses IBM Cloud Object Storage.

managementState

string

managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed.

oss

object

Oss represents configuration that uses Alibaba Cloud Object Storage Service.

pvc

object

pvc represents configuration that uses a PersistentVolumeClaim.

s3

object

s3 represents configuration that uses Amazon Simple Storage Service.

swift

object

swift represents configuration that uses OpenStack Object Storage.

.spec.storage.azure

Description

azure represents configuration that uses Azure Blob Storage.

Type

object

Property Type Description

accountName

string

accountName defines the account to be used by the registry.

cloudName

string

cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object.

container

string

container defines Azure’s container to be used by registry.

networkAccess

object

networkAccess defines the network access properties for the storage account. Defaults to type: External.

.spec.storage.azure.networkAccess

Description

networkAccess defines the network access properties for the storage account. Defaults to type: External.

Type

object

Property Type Description

internal

object

internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. When type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.

type

string

type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster’s vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subnetName and privateEndpointName may optionally be specified. If unspecified, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External".

.spec.storage.azure.networkAccess.internal

Description

internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. When type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.

Type

object

Property Type Description

networkResourceGroupName

string

networkResourceGroupName is the resource group name where the cluster’s vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period.

privateEndpointName

string

privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.

subnetName

string

subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the kubernetes.io_cluster.<cluster-id> tag in the vnet resource, then using one of listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_).

vnetName

string

vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the kubernetes.io_cluster.<cluster-id> tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.

.spec.storage.emptyDir

Description

emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.

Type

object
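
The Azure networkAccess rules and the emptyDir warning described above lend themselves to an automated pre-apply check. The following is an added example, not code from the image registry operator; the function names and the sample specs are hypothetical, and the character and length rules are transcribed from the field descriptions on this page.

```python
import re

DEFAULT_NETWORK_ACCESS = "External"  # documented default for networkAccess.type

# (min length, max length, pattern) per the field descriptions above.
NAME_RULES = {
    "networkResourceGroupName": (1, 90, r"[A-Za-z0-9._-]*[A-Za-z0-9_-]"),
    "privateEndpointName": (2, 64, r"[A-Za-z0-9][A-Za-z0-9._-]*[A-Za-z0-9_]"),
    "subnetName": (1, 80, r"[A-Za-z0-9._-]+"),
    "vnetName": (2, 64, r"[A-Za-z0-9][A-Za-z0-9._-]*[A-Za-z0-9_]"),
}

# Constructed sample specs (not taken from a real cluster).
EMPTYDIR_SPEC = {"replicas": 2, "storage": {"emptyDir": {}}}
AZURE_DEFAULT_SPEC = {
    "replicas": 2,
    "storage": {"azure": {"accountName": "exampleacct", "container": "registry"}},
}
AZURE_INTERNAL_SPEC = {
    "replicas": 2,
    "storage": {"azure": {"networkAccess": {
        "type": "Internal",
        "internal": {
            "vnetName": "cluster-vnet",
            "subnetName": "worker-subnet",
            "networkResourceGroupName": "net-rg.",  # ends with a period
        },
    }}},
}


def check_name(field, value):
    """Return None if value satisfies the documented rule, else a reason."""
    low, high, pattern = NAME_RULES[field]
    if not low <= len(value) <= high:
        return f"length must be between {low} and {high}"
    if not re.fullmatch(pattern, value):
        return "disallowed character or invalid first/last character"
    return None


def audit_storage(spec):
    """Return (field path, finding) pairs for a Config .spec dict."""
    findings = []
    storage = spec.get("storage") or {}

    if "emptyDir" in storage:
        findings.append(("storage.emptyDir",
                         "ephemeral: data is deleted when the pod leaves its node"))
        if spec.get("replicas", 1) > 1:
            findings.append(("replicas",
                             "emptyDir cannot be used with more than 1 replica"))

    azure = storage.get("azure")
    if azure is not None:
        access = azure.get("networkAccess") or {}
        net_type = access.get("type") or DEFAULT_NETWORK_ACCESS
        path = "storage.azure.networkAccess"
        if net_type == "External":
            findings.append((f"{path}.type",
                             "storage account is publicly exposed on the internet"))
        elif net_type == "Internal":
            for field, value in sorted((access.get("internal") or {}).items()):
                if field not in NAME_RULES:
                    findings.append((f"{path}.internal.{field}", "unknown field"))
                    continue
                reason = check_name(field, value)
                if reason:
                    findings.append((f"{path}.internal.{field}", reason))
        else:
            findings.append((f"{path}.type", f"unexpected value {net_type!r}"))
    return findings
```

Leaving networkAccess unset produces the same finding as setting type: External explicitly, because that is the documented default.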

.spec.storage.gcs

Description

gcs represents configuration that uses Google Cloud Storage.

Type

object

Property Type Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

keyID

string

keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key.

projectID

string

projectID is the Project ID of the GCP project that this bucket should be associated with.

region

string

region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region.

.spec.storage.ibmcos

Description

ibmcos represents configuration that uses IBM Cloud Object Storage.

Type

object

Property Type Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

location

string

location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location.

resourceGroupName

string

resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group.

resourceKeyCRN

string

resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. Commonly referred as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided.

serviceInstanceCRN

string

serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided.

.spec.storage.oss

Description

Oss represents configuration that uses Alibaba Cloud Object Storage Service.

Type

object

Property Type Description

bucket

string

Bucket is the bucket name in which you want to store the registry’s data. For more details about bucket naming, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm). Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default will be autogenerated in the form of <clusterid>-image-registry-<region>-<random string 27 chars>.

encryption

object

encryption specifies whether you would like your data encrypted on the server side. For more details, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm).

endpointAccessibility

string

endpointAccessibility specifies whether the registry uses the OSS VPC internal endpoint. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is Internal.

region

string

Region is the Alibaba Cloud Region in which your bucket exists. For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default will be based on the installed Alibaba Cloud Region.

.spec.storage.oss.encryption

Description

encryption specifies whether you would like your data encrypted on the server side. For more details, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm).

Type

object

Property Type Description

kms

object

KMS (key management service) is an encryption type that holds the struct for KMS KeyID

method

string

Method defines the different encryption modes available. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is AES256.

.spec.storage.oss.encryption.kms

Description

KMS (key management service) is an encryption type that holds the struct for KMS KeyID

Type

object

Required
  • keyID

Property Type Description

keyID

string

KeyID holds the KMS encryption key ID

.spec.storage.pvc

Description

pvc represents configuration that uses a PersistentVolumeClaim.

Type

object

Property Type Description

claim

string

claim defines the Persistent Volume Claim’s name to be used.

.spec.storage.s3

Description

s3 represents configuration that uses Amazon Simple Storage Service.

Type

object

Property Type Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

chunkSizeMiB

integer

chunkSizeMiB defines the size of the multipart upload chunks of the S3 API. The S3 API requires multipart upload chunks to be at least 5MiB. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is 10 MiB. The value is an integer number of MiB. The minimum value is 5 and the maximum value is 5120 (5 GiB).

cloudFront

object

cloudFront configures Amazon Cloudfront as the storage middleware in a registry.

encrypt

boolean

encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false.

keyID

string

keyID is the KMS key ID to use for encryption. Optional, encrypt must be true, or this parameter is ignored.

region

string

region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region.

regionEndpoint

string

regionEndpoint is the endpoint for S3 compatible storage services. It should be a valid URL with scheme, e.g. https://s3.example.com. Optional, defaults based on the Region that is provided.

trustedCA

object

trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".

virtualHostedStyle

boolean

virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint. Optional, defaults to false.

.spec.storage.s3.cloudFront

Description

cloudFront configures Amazon Cloudfront as the storage middleware in a registry.

Type

object

Required
  • baseURL

  • keypairID

  • privateKey

Property Type Description

baseURL

string

baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served.

duration

string

duration is the duration of the Cloudfront session.

keypairID

string

keypairID is key pair ID provided by AWS.

privateKey

object

privateKey points to secret containing the private key, provided by AWS.

.spec.storage.s3.cloudFront.privateKey

Description

privateKey points to secret containing the private key, provided by AWS.

Type

object

Required
  • key

Property Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop kubebuilder:default when controller-gen doesn’t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.

optional

boolean

Specify whether the Secret or its key must be defined

.spec.storage.s3.trustedCA

Description

trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".

Type

object

Property Type Description

name

string

name is the metadata.name of the referenced config map. This field must adhere to standard config map naming restrictions. The name must consist solely of alphanumeric characters, hyphens (-) and periods (.). It has a maximum length of 253 characters. If this field is not specified or is empty string, the default trust bundle will be used.
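The constraints stated for .spec.storage.s3 and its cloudFront and trustedCA children can be checked before a Config is applied. The following linter is an added example, not code from the operator or the OKD project: the function name, finding levels and sample values are assumptions, the endpoint field is spelled regionEndpoint as in the API, and the warning for non-HTTPS endpoints is an added policy check rather than a rule from this reference.

```python
import re
from urllib.parse import urlsplit

# Limits quoted from the chunkSizeMiB and trustedCA.name descriptions above.
CHUNK_MIN_MIB, CHUNK_MAX_MIB = 5, 5120
CONFIGMAP_NAME = re.compile(r"[A-Za-z0-9.-]{1,253}")


def lint_s3_storage(s3):
    """Return (level, field, message) findings for a spec.storage.s3 mapping."""
    findings = []

    # encrypt defaults to false, and keyID is ignored unless encrypt is true.
    if not s3.get("encrypt", False):
        findings.append(("warn", "encrypt", "registry data is not encrypted"))
        if s3.get("keyID"):
            findings.append(("error", "keyID", "ignored because encrypt is not true"))

    chunk = s3.get("chunkSizeMiB")
    if chunk is not None:
        if isinstance(chunk, bool) or not isinstance(chunk, int):
            findings.append(("error", "chunkSizeMiB", "must be an integer number of MiB"))
        elif not CHUNK_MIN_MIB <= chunk <= CHUNK_MAX_MIB:
            findings.append(("error", "chunkSizeMiB", "must be between 5 and 5120"))

    endpoint = s3.get("regionEndpoint")
    if endpoint:
        url = urlsplit(endpoint)
        if not url.scheme or not url.netloc:
            findings.append(("error", "regionEndpoint", "must be a URL with a scheme"))
        elif url.scheme != "https":
            # Added policy check (assumption), not a rule from the API reference.
            findings.append(("warn", "regionEndpoint", "endpoint is not served over TLS"))

    # An empty trustedCA.name is valid: the default trust bundle is used.
    ca_name = (s3.get("trustedCA") or {}).get("name", "")
    if ca_name and not CONFIGMAP_NAME.fullmatch(ca_name):
        findings.append(("error", "trustedCA.name", "not a valid config map name"))

    cloudfront = s3.get("cloudFront")
    if cloudfront is not None:
        for field in ("baseURL", "keypairID", "privateKey"):
            if not cloudfront.get(field):
                findings.append(("error", "cloudFront." + field, "required field is missing"))
        secret_ref = cloudfront.get("privateKey") or {}
        if secret_ref and not secret_ref.get("key"):
            findings.append(("error", "cloudFront.privateKey.key", "required field is missing"))
        if secret_ref and not secret_ref.get("name"):
            findings.append(("warn", "cloudFront.privateKey.name",
                             "empty secret name is almost certainly wrong"))

    return findings


# Constructed sample values; no bucket, key or host here refers to a real resource.
WEAK_S3 = {
    "bucket": "registry-data",
    "encrypt": False,
    "keyID": "example-key-id",            # has no effect while encrypt is false
    "chunkSizeMiB": 4,                    # below the 5 MiB minimum
    "regionEndpoint": "s3.example.com",   # no scheme
    "trustedCA": {"name": "my_ca_bundle"},  # underscore is not allowed
    "cloudFront": {
        "baseURL": "https://cdn.example.com",
        "keypairID": "EXAMPLEKEYPAIR",
        "privateKey": {"key": "private.pem"},  # secret name left empty
    },
}

HARDENED_S3 = {
    "bucket": "registry-data",
    "encrypt": True,
    "keyID": "example-key-id",
    "chunkSizeMiB": 10,
    "regionEndpoint": "https://s3.example.com",
    "trustedCA": {"name": "s3-ca-bundle"},
    "cloudFront": {
        "baseURL": "https://cdn.example.com",
        "keypairID": "EXAMPLEKEYPAIR",
        "privateKey": {"name": "cloudfront-signing-key", "key": "private.pem"},
    },
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_S3), ("hardened", HARDENED_S3)):
        print(label)
        for level, field, message in lint_s3_storage(cfg):
            print("  %-5s %-28s %s" % (level, field, message))
```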

.spec.storage.swift

Description

swift represents configuration that uses OpenStack Object Storage.

Type

object

Property Type Description

authURL

string

authURL defines the URL for obtaining an authentication token.

authVersion

string

authVersion specifies the OpenStack Auth’s version.

container

string

container defines the name of Swift container where to store the registry’s data.

domain

string

domain specifies Openstack’s domain name for Identity v3 API.

domainID

string

domainID specifies Openstack’s domain id for Identity v3 API.

regionName

string

regionName defines Openstack’s region in which container exists.

tenant

string

tenant defines Openstack tenant name to be used by registry.

tenantID

string

tenantID defines Openstack tenant id to be used by registry.

.spec.tolerations

Description

tolerations defines the tolerations for the registry pod.

Type

array

.spec.tolerations[]

Description

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.

Type

object

Property Type Description

effect

string

effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
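The matching rules for effect, key, operator and value above decide which tainted nodes the registry pod may run on, so a toleration with an empty key and operator Exists admits every taint. The sketch below is an added example, not code from Kubernetes or the OKD project: the function names, the audit messages and the sample taints are assumptions, and the operator values are the Kubernetes spellings Exists and Equal.

```python
def tolerates(toleration, taint):
    """Apply the matching rules from the field descriptions to one taint."""
    operator = toleration.get("operator") or "Equal"   # operator defaults to Equal
    key = toleration.get("key") or ""
    effect = toleration.get("effect") or ""
    if operator not in ("Exists", "Equal"):
        raise ValueError("operator must be Exists or Equal")
    if not key and operator != "Exists":
        raise ValueError("an empty key requires operator Exists")
    if effect and effect != taint["effect"]:
        return False          # empty effect matches all taint effects
    if key and key != taint["key"]:
        return False          # empty key matches all taint keys
    if operator == "Exists":
        return True           # Exists is a wildcard for value
    return (toleration.get("value") or "") == (taint.get("value") or "")


def audit_tolerations(tolerations):
    """Return (index, message) for tolerations broader than one named taint."""
    findings = []
    for index, tol in enumerate(tolerations):
        if not tol.get("key"):
            scope = tol.get("effect") or "every effect"
            findings.append((index, "matches all taint keys for " + scope))
        can_match_noexecute = (tol.get("effect") or "") in ("", "NoExecute")
        if can_match_noexecute and tol.get("tolerationSeconds") is None:
            findings.append((index, "tolerates NoExecute taints forever (pod is never evicted)"))
    return findings


# Constructed sample taints and tolerations.
SAMPLE_TAINTS = [
    {"key": "node-role.kubernetes.io/master", "value": "", "effect": "NoSchedule"},
    {"key": "dedicated", "value": "registry", "effect": "NoSchedule"},
    {"key": "node.kubernetes.io/unreachable", "value": "", "effect": "NoExecute"},
]
NARROW_TOLERATION = {"key": "dedicated", "operator": "Equal",
                     "value": "registry", "effect": "NoSchedule"}
WILDCARD_TOLERATION = {"operator": "Exists"}

if __name__ == "__main__":
    for name, tol in (("narrow", NARROW_TOLERATION), ("wildcard", WILDCARD_TOLERATION)):
        matched = [t["key"] for t in SAMPLE_TAINTS if tolerates(tol, t)]
        print(name, "tolerates", matched)
    for index, message in audit_tolerations([NARROW_TOLERATION, WILDCARD_TOLERATION]):
        print("toleration", index, message)
```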

.spec.topologySpreadConstraints

Description

topologySpreadConstraints specify how to spread matching pods among the given topology.

Type

array

.spec.topologySpreadConstraints[]

Description

TopologySpreadConstraint specifies how to spread matching pods among the given topology.

Type

object

Required
  • maxSkew

  • topologyKey

  • whenUnsatisfiable

Property Type Description

labelSelector

object

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn’t set. Keys that don’t exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. When whenUnsatisfiable=DoNotSchedule, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1. In this case, the global minimum is 1.

| zone1 | zone2 | zone3 |
| P P   | P P   | P     |

  • If MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).

  • If MaxSkew is 2, incoming pod can be scheduled onto any zone.

When whenUnsatisfiable=ScheduleAnyway, it is used to give higher precedence to topologies that satisfy it. It’s a required field. Default value is 1 and 0 is not allowed.

minDomains

integer

MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. When the number of eligible domains with matching topology keys equals or is greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, the scheduler won’t schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2:

| zone1 | zone2 | zone3 |
| P P   | P P   | P P   |

The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, a new pod with the same labelSelector cannot be scheduled, because the computed skew will be 3(3 - 0) if the new Pod is scheduled to any of the three zones, which violates MaxSkew.

nodeAffinityPolicy

string

NodeAffinityPolicy indicates how we will treat Pod’s nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are:

  • Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.

  • Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.

If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.

nodeTaintsPolicy

string

NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are:

  • Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included.

  • Ignore: node taints are ignored. All nodes are included.

If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint.

  • DoNotSchedule (default) tells the scheduler not to schedule it.

  • ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew.

A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

| zone1 | zone2 | zone3 |
| P P P | P     | P     |

If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won’t make it more imbalanced. It’s a required field.
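The worked cases given for maxSkew, minDomains and whenUnsatisfiable can be reproduced with a short calculation. This is an added example, not code from the Kubernetes scheduler or the OKD project: the function names are hypothetical, counts holds only eligible domains, and the ScheduleAnyway ordering is a simplification of the scheduler's scoring.

```python
def skew_after_placement(counts, domain, min_domains=None):
    """Skew of `domain` if one more matching pod were placed in it.

    counts maps each eligible topology domain to its number of matching pods.
    """
    required = 1 if min_domains is None else min_domains   # nil behaves as 1
    # Fewer eligible domains than minDomains: the global minimum is treated as 0.
    global_min = min(counts.values()) if len(counts) >= required else 0
    return counts[domain] + 1 - global_min


def candidate_domains(counts, max_skew, when_unsatisfiable="DoNotSchedule",
                      min_domains=None):
    """Return the domains an incoming pod may be placed in, best first."""
    if max_skew < 1:
        raise ValueError("maxSkew of 0 is not allowed")
    if when_unsatisfiable not in ("DoNotSchedule", "ScheduleAnyway"):
        raise ValueError("unknown whenUnsatisfiable value")
    if min_domains is not None:
        if min_domains < 1:
            raise ValueError("minDomains must be greater than 0")
        if when_unsatisfiable != "DoNotSchedule":
            raise ValueError("minDomains requires whenUnsatisfiable=DoNotSchedule")

    skews = {d: skew_after_placement(counts, d, min_domains) for d in counts}
    if when_unsatisfiable == "DoNotSchedule":
        # Hard constraint: only placements that keep skew within maxSkew.
        return [d for d in counts if skews[d] <= max_skew]
    # Soft constraint: every domain is allowed, lower resulting skew first.
    return sorted(counts, key=lambda d: skews[d])


if __name__ == "__main__":
    # The spreads used in the field descriptions.
    print(candidate_domains({"zone1": 2, "zone2": 2, "zone3": 1}, 1))
    print(candidate_domains({"zone1": 2, "zone2": 2, "zone3": 1}, 2))
    print(candidate_domains({"zone1": 2, "zone2": 2, "zone3": 2}, 2, min_domains=5))
    print(candidate_domains({"zone1": 3, "zone2": 1, "zone3": 1}, 1))
    print(candidate_domains({"zone1": 3, "zone2": 1, "zone3": 1}, 1, "ScheduleAnyway"))
```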

.spec.topologySpreadConstraints[].labelSelector

Description

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.topologySpreadConstraints[].labelSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.topologySpreadConstraints[].labelSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.status

Description

ImageRegistryStatus reports image registry operational status.

Type

object

Required
  • storage

  • storageManaged

Property Type Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

storage

object

storage indicates the current applied storage configuration of the registry.

storageManaged

boolean

storageManaged is deprecated, please refer to Storage.managementState

version

string

version is the level this availability applies to

.status.conditions

Description

conditions is a list of conditions and their status

Type

array

.status.conditions[]

Description

OperatorCondition is just the standard condition fields.

Type

object

Required
  • type

Property Type Description

lastTransitionTime

string

message

string

reason

string

status

string

type

string

.status.generations

Description

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

Type

array

.status.generations[]

Description

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

Type

object

Property Type Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

.status.storage

Description

storage indicates the current applied storage configuration of the registry.

Type

object

Property Type Description

azure

object

azure represents configuration that uses Azure Blob Storage.

emptyDir

object

emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.

gcs

object

gcs represents configuration that uses Google Cloud Storage.

ibmcos

object

ibmcos represents configuration that uses IBM Cloud Object Storage.

managementState

string

managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed.

oss

object

Oss represents configuration that uses Alibaba Cloud Object Storage Service.

pvc

object

pvc represents configuration that uses a PersistentVolumeClaim.

s3

object

s3 represents configuration that uses Amazon Simple Storage Service.

swift

object

swift represents configuration that uses OpenStack Object Storage.

.status.storage.azure

Description

azure represents configuration that uses Azure Blob Storage.

Type

object

Property Type Description

accountName

string

accountName defines the account to be used by the registry.

cloudName

string

cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object.

container

string

container defines Azure’s container to be used by registry.

networkAccess

object

networkAccess defines the network access properties for the storage account. Defaults to type: External.

.status.storage.azure.networkAccess

Description

networkAccess defines the network access properties for the storage account. Defaults to type: External.

Type

object

Property Type Description

internal

object

internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. When type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.

type

string

type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster’s vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subnetName and privateEndpointName may optionally be specified. If unspecified, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External".

.status.storage.azure.networkAccess.internal

Description

internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. When type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.

Type

object

Property Type Description

networkResourceGroupName

string

networkResourceGroupName is the resource group name where the cluster’s vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period.

privateEndpointName

string

privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.

subnetName

string

subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the kubernetes.io_cluster.<cluster-id> tag in the vnet resource, then using one of listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_).

vnetName

string

vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the kubernetes.io_cluster.<cluster-id> tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.

.status.storage.emptyDir

Description

emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.

Type

object

.status.storage.gcs

Description

gcs represents configuration that uses Google Cloud Storage.

Type

object

Property Type Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

keyID

string

keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key.

projectID

string

projectID is the Project ID of the GCP project that this bucket should be associated with.

region

string

region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region.

.status.storage.ibmcos

Description

ibmcos represents configuration that uses IBM Cloud Object Storage.

Type

object

Property Type Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

location

string

location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location.

resourceGroupName

string

resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group.

resourceKeyCRN

string

resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. It is commonly referred to as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided.

serviceInstanceCRN

string

serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided.

.status.storage.oss

Description

Oss represents configuration that uses Alibaba Cloud Object Storage Service.

Type

object

Property Type Description

bucket

string

Bucket is the bucket name in which you want to store the registry’s data. For more details about bucket naming, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm). Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default will be autogenerated in the form of <clusterid>-image-registry-<region>-<random string 27 chars>

encryption

object

encryption specifies whether you would like your data encrypted on the server side. For more details, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm).

endpointAccessibility

string

endpointAccessibility specifies whether the registry uses the OSS VPC internal endpoint. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is Internal.

region

string

Region is the Alibaba Cloud Region in which your bucket exists. For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default will be based on the installed Alibaba Cloud Region.

.status.storage.oss.encryption

Description

encryption specifies whether you would like your data encrypted on the server side. For more details, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm).

Type

object

Property Type Description

kms

object

KMS (key management service) is an encryption type that holds the struct for KMS KeyID

method

string

Method defines the different encryption modes available. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is AES256.

.status.storage.oss.encryption.kms

Description

KMS (key management service) is an encryption type that holds the struct for KMS KeyID

Type

object

Required
  • keyID

Property Type Description

keyID

string

KeyID holds the KMS encryption key ID

.status.storage.pvc

Description

pvc represents configuration that uses a PersistentVolumeClaim.

Type

object

Property Type Description

claim

string

claim defines the Persistent Volume Claim’s name to be used.

.status.storage.s3

Description

s3 represents configuration that uses Amazon Simple Storage Service.

Type

object

Property Type Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

chunkSizeMiB

integer

chunkSizeMiB defines the size of the multipart upload chunks of the S3 API. The S3 API requires multipart upload chunks to be at least 5MiB. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is 10 MiB. The value is an integer number of MiB. The minimum value is 5 and the maximum value is 5120 (5 GiB).

cloudFront

object

cloudFront configures Amazon Cloudfront as the storage middleware in a registry.

encrypt

boolean

encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false.

keyID

string

keyID is the KMS key ID to use for encryption. Optional, encrypt must be true, or this parameter is ignored.

region

string

region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region.

regionEndpoint

string

regionEndpoint is the endpoint for S3 compatible storage services. It should be a valid URL with scheme, e.g. https://s3.example.com. Optional, defaults based on the Region that is provided.

trustedCA

object

trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".

virtualHostedStyle

boolean

virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint. Optional, defaults to false.

.status.storage.s3.cloudFront

Description

cloudFront configures Amazon Cloudfront as the storage middleware in a registry.

Type

object

Required
  • baseURL

  • keypairID

  • privateKey

Property Type Description

baseURL

string

baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served.

duration

string

duration is the duration of the Cloudfront session.

keypairID

string

keypairID is key pair ID provided by AWS.

privateKey

object

privateKey points to secret containing the private key, provided by AWS.

.status.storage.s3.cloudFront.privateKey

Description

privateKey points to secret containing the private key, provided by AWS.

Type

object

Required
  • key

Property Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop kubebuilder:default when controller-gen doesn’t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.

optional

boolean

Specify whether the Secret or its key must be defined

.status.storage.s3.trustedCA

Description

trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".

Type

object

Property Type Description

name

string

name is the metadata.name of the referenced config map. This field must adhere to standard config map naming restrictions. The name must consist solely of alphanumeric characters, hyphens (-) and periods (.). It has a maximum length of 253 characters. If this field is not specified or is empty string, the default trust bundle will be used.

.status.storage.swift

Description

swift represents configuration that uses OpenStack Object Storage.

Type

object

Property Type Description

authURL

string

authURL defines the URL for obtaining an authentication token.

authVersion

string

authVersion specifies the OpenStack Auth’s version.

container

string

container defines the name of Swift container where to store the registry’s data.

domain

string

domain specifies Openstack’s domain name for Identity v3 API.

domainID

string

domainID specifies Openstack’s domain id for Identity v3 API.

regionName

string

regionName defines Openstack’s region in which container exists.

tenant

string

tenant defines Openstack tenant name to be used by registry.

tenantID

string

tenantID defines Openstack tenant id to be used by registry.

API endpoints

The following API endpoints are available:

  • /apis/imageregistry.operator.openshift.io/v1/configs

    • DELETE: delete collection of Config

    • GET: list objects of kind Config

    • POST: create a Config

  • /apis/imageregistry.operator.openshift.io/v1/configs/{name}

    • DELETE: delete a Config

    • GET: read the specified Config

    • PATCH: partially update the specified Config

    • PUT: replace the specified Config

  • /apis/imageregistry.operator.openshift.io/v1/configs/{name}/status

    • GET: read status of the specified Config

    • PATCH: partially update status of the specified Config

    • PUT: replace status of the specified Config

/apis/imageregistry.operator.openshift.io/v1/configs

HTTP method

DELETE

Description

delete collection of Config

Table 1. HTTP responses
HTTP code Response body

200 - OK

Status schema

401 - Unauthorized

empty

HTTP method

GET

Description

list objects of kind Config

Table 2. HTTP responses
HTTP code Response body

200 - OK

ConfigList schema

401 - Unauthorized

empty

HTTP method

POST

Description

create a Config

Table 3. Query parameters
Parameter Type Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:

  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.

  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.

  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 4. Body parameters
Parameter Type Description

body

Config schema

Table 5. HTTP responses
HTTP code Response body

200 - OK

Config schema

201 - Created

Config schema

202 - Accepted

Config schema

401 - Unauthorized

empty

/apis/imageregistry.operator.openshift.io/v1/configs/{name}

Table 6. Global path parameters
Parameter Type Description

name

string

name of the Config

HTTP method

DELETE

Description

delete a Config

Table 7. Query parameters
Parameter Type Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 8. HTTP responses
HTTP code Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

empty

HTTP method

GET

Description

read the specified Config

Table 9. HTTP responses
HTTP code Response body

200 - OK

Config schema

401 - Unauthorized

empty

HTTP method

PATCH

Description

partially update the specified Config

Table 10. Query parameters
Parameter Type Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:

  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.

  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.

  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 11. HTTP responses
HTTP code Response body

200 - OK

Config schema

401 - Unauthorized

empty
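The PATCH endpoint and its dryRun and fieldValidation parameters, applied to the S3 trust bundle reference, as an added example that is not part of the original reference or the operator's code. It builds the request without sending it; the API server URL, the Config name `cluster`, the token placeholder, the `spec.storage.s3.trustedCA` path (assumed to mirror the status field documented above) and the merge-patch content type are assumptions.

```python
import json
import re
from urllib.parse import quote, urlencode
from urllib.request import Request

API_PATH = "/apis/imageregistry.operator.openshift.io/v1/configs"
# Rule as stated for trustedCA.name: alphanumerics, '-' and '.', at most 253 chars.
# Only the documented rule is checked here; the server has the final say.
_NAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def check_trusted_ca_name(name):
    """Return name if it meets the documented rule; '' selects the default bundle."""
    if name == "":
        return name
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"invalid config map name: {name!r}")
    return name


def build_trusted_ca_patch(api_server, config_name, ca_name, token, persist=False):
    """Build (not send) a merge patch that sets spec.storage.s3.trustedCA.name."""
    ca_ref = {"name": check_trusted_ca_name(ca_name)}
    body = {"spec": {"storage": {"s3": {"trustedCA": ca_ref}}}}  # assumed path
    params = {"fieldValidation": "Strict"}  # fail on unknown or duplicate fields
    if not persist:
        params["dryRun"] = "All"  # process all dry run stages, persist nothing
    url = "{}{}/{}?{}".format(
        api_server.rstrip("/"), API_PATH, quote(config_name, safe=""), urlencode(params)
    )
    return Request(
        url,
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/merge-patch+json",
            "Accept": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_trusted_ca_patch(
        "https://api.example.invalid:6443", "cluster", "s3-ca-bundle", "PLACEHOLDER_TOKEN"
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Because `persist` defaults to `False`, a caller has to opt in explicitly before the change to the trust bundle reference is written.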

HTTP method

PUT

Description

replace the specified Config

Table 12. Query parameters
Parameter Type Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:

  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.

  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.

  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 13. Body parameters
Parameter Type Description

body

Config schema

Table 14. HTTP responses
HTTP code Response body

200 - OK

Config schema

201 - Created

Config schema

401 - Unauthorized

empty

/apis/imageregistry.operator.openshift.io/v1/configs/{name}/status

Table 15. Global path parameters
Parameter Type Description

name

string

name of the Config

HTTP method

GET

Description

read status of the specified Config

Table 16. HTTP responses
HTTP code Response body

200 - OK

Config schema

401 - Unauthorized

empty

HTTP method

PATCH

Description

partially update status of the specified Config

Table 17. Query parameters
Parameter Type Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:

  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.

  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.

  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 18. HTTP responses
HTTP code Response body

200 - OK

Config schema

401 - Unauthorized

empty

HTTP method

PUT

Description

replace status of the specified Config

Table 19. Query parameters
Parameter Type Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:

  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.

  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.

  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 20. Body parameters
Parameter Type Description

body

Config schema

Table 21. HTTP responses
HTTP code Response body

200 - OK

Config schema

201 - Created

Config schema

401 - Unauthorized

empty