$ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"disableRedirect":true}}'
You can configure the registry of a cluster that runs on your own Red Hat OpenStack Platform (RHOSP) infrastructure.
By disabling redirects, you can configure the Image Registry Operator to control whether clients such as OpenShift Container Platform cluster builds or external systems like developer machines are redirected to pull images directly from Red Hat OpenStack Platform (RHOSP) Swift storage. This configuration is optional and depends on whether the clients trust the storage’s SSL/TLS certificates.
In situations where clients to not trust the storage certificate, setting the Alternatively, if clients trust the storage certificate, the registry can allow redirects. This reduces resource demand on the registry itself. Some users might prefer to configure their clients to trust their self-signed certificate authorities (CAs) instead of disabling redirects. If you are using a self-signed CA, you must decide between trusting the custom CAs or disabling redirects. |
To ensures that the image registry proxies traffic instead of relying on Swift storage, change the value of the spec.disableRedirect
field in the config.imageregistry
object to true
by running the following command:
$ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"disableRedirect":true}}'
In addition to the configs.imageregistry.operator.openshift.io
and configmap
resources, configuration is provided to the Operator by a separate secret
resource located within the openshift-image-registry
namespace.
The image-registry-private-configuration-user
secret provides
credentials needed for storage access and management. It overrides the default
credentials used by the Operator, if default credentials were found.
For Swift on Red Hat OpenStack Platform (RHOSP) storage, the secret is expected to contain the following two keys:
REGISTRY_STORAGE_SWIFT_USERNAME
REGISTRY_STORAGE_SWIFT_PASSWORD
Create an OpenShift Container Platform secret that contains the required keys.
$ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_SWIFT_USERNAME=<username> --from-literal=REGISTRY_STORAGE_SWIFT_PASSWORD=<password> -n openshift-image-registry
If the Registry Operator cannot create a Swift bucket, you must set up the storage medium manually and configure the settings in the registry custom resource (CR).
A cluster on Red Hat OpenStack Platform (RHOSP) with user-provisioned infrastructure.
To configure registry storage for RHOSP, you need to provide Registry Operator cloud credentials.
For Swift on RHOSP storage, the secret is expected to contain the following two keys:
REGISTRY_STORAGE_SWIFT_USERNAME
REGISTRY_STORAGE_SWIFT_PASSWORD
Fill in the storage configuration in configs.imageregistry.operator.openshift.io/cluster
:
$ oc edit configs.imageregistry.operator.openshift.io/cluster
# ...
storage:
swift:
container: <container-id>
# ...
The following configuration parameters are available for Red Hat OpenStack Platform (RHOSP) Swift registry storage.
Parameter | Description |
---|---|
|
Defines the URL for obtaining the authentication token. This value is optional. |
|
Specifies the Auth version of RHOSP, for example, |
|
Defines the name of a Swift container for storing registry data. This value is optional. |
|
Specifies the RHOSP domain name for the Identity v3 API. This value is optional. |
|
Specifies the RHOSP domain ID for the Identity v3 API. This value is optional. |
|
Defines the RHOSP tenant name to be used by the registry. This value is optional. |
|
Defines the RHOSP tenant ID to be used by the registry. This value is optional. |
|
Defines the RHOSP region in which the container exists. This value is optional. |