This is a cache of https://docs.openshift.com/container-platform/4.4/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.html. It is a snapshot of the page at 2024-11-23T01:16:48.303+0000.
Configuring the registry for Azure user-provisioned infrastructure - Setting up and configuring the registry | Registry | OpenShift Container Platform 4.4

Configuring a secret for the Image Registry Operator

In addition to the configs.imageregistry.operator.openshift.io and ConfigMap resources, configuration is provided to the Operator by a separate secret resource located within the openshift-image-registry namespace.

The image-registry-private-configuration-user secret provides the credentials needed for storage access and management. It overrides the default credentials used by the Operator, if any were found.

For Azure registry storage, the secret is expected to contain one key whose value is the contents of a credentials file provided by Azure:

  • REGISTRY_STORAGE_AZURE_ACCOUNTKEY

Procedure
  • Create an OpenShift Container Platform secret that contains the required key.

    $ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_AZURE_ACCOUNTKEY=<accountkey> --namespace openshift-image-registry

Configuring registry storage for Azure

During installation, your cloud credentials are sufficient to create Azure Blob Storage, and the Registry Operator automatically configures storage.

Prerequisites
  • A cluster on Azure with user-provisioned infrastructure.

  • To configure registry storage for Azure, provide Registry Operator cloud credentials.

  • For Azure storage, the secret is expected to contain one key:

    • REGISTRY_STORAGE_AZURE_ACCOUNTKEY

Procedure
  1. Create an Azure storage container.

  2. Fill in the storage configuration in configs.imageregistry.operator.openshift.io/cluster:

    $ oc edit configs.imageregistry.operator.openshift.io/cluster
    
    storage:
      azure:
        accountName: <storage-account-name>
        container: <container-name>
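
The two procedures above as one script, an added example that is not part of the OpenShift documentation: it loads the account key from a file instead of --from-literal, so the key stays out of shell history and process arguments, and it merge-patches the storage stanza rather than editing it interactively. The function names, the key-file path, and the placement of the stanza under .spec are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the OpenShift docs): both procedures above,
# with the account key kept out of shell history and process arguments.
LC_ALL=C   # byte-wise ranges in the patterns below
NS=openshift-image-registry
SECRET=image-registry-private-configuration-user
KEY=REGISTRY_STORAGE_AZURE_ACCOUNTKEY

# Succeed only if the file holds one base64 string with no embedded whitespace.
check_key_file() {
  local raw
  [ -s "$1" ] || { echo "key file missing or empty" >&2; return 1; }
  raw=$(cat "$1")    # command substitution drops trailing newlines only
  case $raw in
    *[!A-Za-z0-9+/=]*) echo "key has non-base64 characters" >&2; return 1 ;;
  esac
  printf '%s' "$raw" | base64 -d >/dev/null 2>&1 ||
    { echo "key is not valid base64" >&2; return 1; }
}

# Create the secret from a file; --from-file stores the file bytes verbatim,
# so a copy without the trailing newline is what gets loaded.
create_registry_secret() {
  local tmp rc=0
  check_key_file "$1" || return 1
  tmp=$(mktemp) || return 1            # mktemp creates the file mode 0600
  printf '%s' "$(cat "$1")" > "$tmp"
  oc create secret generic "$SECRET" --namespace "$NS" \
    --from-file="$KEY=$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Merge-patch the storage stanza instead of editing it interactively.
# Assumption: the stanza sits under .spec of the cluster resource.
set_registry_storage() {
  case $1 in ''|*[!a-z0-9]*) echo "bad account name" >&2; return 1 ;; esac
  case $2 in ''|*[!a-z0-9-]*) echo "bad container name" >&2; return 1 ;; esac
  oc patch configs.imageregistry.operator.openshift.io/cluster --type merge \
    --patch "{\"spec\":{\"storage\":{\"azure\":{\"accountName\":\"$1\",\"container\":\"$2\"}}}}"
}

# Usage, with ./accountkey readable only by you:
#   create_registry_secret ./accountkey &&
#     set_registry_storage <storage-account-name> <container-name>
```

The name checks accept only lowercase letters and digits for the storage account, plus hyphens for the container, which also keeps the values from breaking out of the JSON patch.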