osdocs-154 Document Registry Operator

_topic_map.yml

@@ -390,7 +390,8 @@ Distros: openshift-enterprise,openshift-origin,openshift-dedicated
 Topics:
 - Name: Overview
   File: architecture-component-imageregistry
-  Distros: openshift-enterprise,openshift-origin,openshift-dedicated
+- Name: Image Registry Operator in Openshift Container Platform
+  File: configuring-registry-operator
 - Name: Registry options
   File: registry-options
   Distros: openshift-enterprise,openshift-origin

modules/registry-operator-config-resources.adoc

@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * openshift_images/configuring-registry-operator.adoc
+
+
+[id="registry-operator-config-resources-{context}"]
+= Image Registry Operator configuration resources
+
+In addition to the `configs.imageregistry.operator.openshift.io` resource,
+additional configuration is provided to the Operator by separate ConfigMap and
+Secret resources located within the `openshift-image-registry` namespace.
+
+.Prerequisites
+* The CAs must be PEM-encoded.
+
+.Procedure
+
+You can create a ConfigMap in the `openshift-config` namespace and use its name
+in `AdditionalTrustedCA` in the `image.config.openshift.io` resource to provide
+additional CAs that should be trusted when contacting external registries. The
+key is the host name of a registry with the port for which this CA is to be
+trusted. The `image-registry-private-configuration-user`(Secret) provides
+credentials needed for storage access and management. It overrides the default
+credentials used by the Operator, if default credentials were found.
+
+.Image registry CA example
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-registry-ca
+data:
+  registry.example.com: |
+    -----BEGIN CERTIFICATE-----
+    ...
+    -----END CERTIFICATE-----
+  registry-with-port.example.com..5000: | <1>
+    -----BEGIN CERTIFICATE-----
+    ...
+    -----END CERTIFICATE-----
+----
+
+
+<1>  If the registry has the port, such as `registry-with-port.example.com:5000`.
+: should be replaced with `..`.
+
+For S3 storage the ConfigMap is expected to contain two keys:
+
+* REGISTRY_STORAGE_S3_ACCESSKEY
+* REGISTRY_STORAGE_S3_SECRETKEY

modules/registry-operator-configuration-resource-overview.adoc

@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// * openshift_images/configuring-registry-operator.adoc
+
+
+[id="registry-operator-configuration-resource-overview-{context}"]
+= Image Registry Operator configuration parameters
+
+The `configs.imageregistry.operator.openshift.io` resource offers the following
+configuration parameters.
+
+[cols="3a,8a",options="header"]
+|===
+|Parameter |Description
+
+|`ManagementState`
+|`Managed`: The Operator updates the registry as configuration resources
+are updated.
+`Unmanaged`: The Operator ignores changes to the configuration resources.
+
+|`Removed`
+|The Operator removes the registry instance and tear down any
+storage that the Operator provisioned.
+
+|`Logging`
+|Sets `loglevel` of the registry instance.
+
+|`HTTPSecret`
+|Value needed by the registry to secure uploads, generated by default.
+
+|`Proxy`
+|Defines the Proxy to be used when calling master API
+and upstream registries.
+
+|`Storage`
+|`Storagetype`: Details for configuring registry storage, for example S3 bucket
+coordinates. Normally configured by default.
+
+|`Requests`
+|API Request Limit details. Controls how many parallel requests a given registry
+instance will handle before queuing additional requests.
+
+|`DefaultRoute`
+|Determines whether or not an external route is defined using the default
+hostname. If enabled, the route uses re-encrypt encryption. Defaults to false.
+
+|`Routes`
+|Array of additional routes to create. You provide the hostname and certificate
+for the route.
+
+|`Replicas`
+|Replica count for the registry.
+
+|===

modules/registry-operator-default-crd.adoc

@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * openshift_images/configuring-registry-operator.adoc
+
+
+[id="registry-operator-default-crd-{context}"]
+= Securing the Image Registry with the Custom Resource Definition
+
+In {product-title}, the `Registry` Operator controls the registry feature. The
+Operator is defined by the `configs.imageregistry.operator.openshift.io` Custom
+Resource Definition (CRD).
+
+If you need to automatically secure the Image Registry, patch the Image Registry
+Operator CRD.
+
+.Procedure
+
+* Patch the Image Registry Operator CRD:
++
+----
+$ oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{"spec":{"defaultRoute":false}}'
+----

registry/configuring-registry-operator.adoc

@@ -0,0 +1,37 @@
+[id=configuring-registry-operator’]
+= Image Registry Operator in {product-title}
+include::modules/common-attributes.adoc[]
+:context: configuring-registry-operator
+toc::[]
+
+The Image Registry Operator installs a single instance of the {product-title}
+registry, and it manages all configuration of the registry, including setting up
+registry storage.
+
+[NOTE]
+====
+Storage is only automatically configured when you install on Amazon Web Services.
+====
+
+After the control plane deploys, the Operator will create a default
+`configs.imageregistry.operator.openshift.io` resource instance based on
+configuration detected in the cluster.
+
+If insufficient information is available to define a complete
+`configs.imageregistry.operator.openshift.io` resource, the incomplete resource
+will be defined and the operator will update the resource status with
+information about what is missing.
+
+The Image Registry Operator runs in the `openshift-image-registry` namespace,
+and manages the registry instance in that location as well. All configuration
+and workload resources for the registry reside in that namespace.
+
+.Prerequisites
+
+* Deploy an {product-title} cluster.
+
+include::modules/registry-operator-configuration-resource-overview.adoc[leveloffset=+1]
+
+include::modules/registry-operator-config-resources.adoc[leveloffset=+1]
+
+include::modules/registry-operator-default-crd.adoc[leveloffset=+1]