From d3a66cbf564bc4fcaa828ffac12d42ca2ebcf0e2 Mon Sep 17 00:00:00 2001
From: bmcelvee
Date: Thu, 2 May 2019 14:38:18 -0400
Subject: [PATCH] osdocs-154 Document Registry Operator
---
 _topic_map.yml | 3 +-
 .../registry-operator-config-resources.adoc | 51 ++++++++++++++++++
 ...rator-configuration-resource-overview.adoc | 54 +++++++++++++++++++
 modules/registry-operator-default-crd.adoc | 22 ++++++++
 registry/configuring-registry-operator.adoc | 37 +++++++++++++
 5 files changed, 166 insertions(+), 1 deletion(-)
 create mode 100644 modules/registry-operator-config-resources.adoc
 create mode 100644 modules/registry-operator-configuration-resource-overview.adoc
 create mode 100644 modules/registry-operator-default-crd.adoc
 create mode 100644 registry/configuring-registry-operator.adoc
diff --git a/_topic_map.yml b/_topic_map.yml
index 172167fb8a..69a01160da 100644
--- a/_topic_map.yml
+++ b/_topic_map.yml
@@ -390,7 +390,8 @@ Distros: openshift-enterprise,openshift-origin,openshift-dedicated
 Topics:
 - Name: Overview
 File: architecture-component-imageregistry
- Distros: openshift-enterprise,openshift-origin,openshift-dedicated
+- Name: Image Registry Operator in Openshift Container Platform
+ File: configuring-registry-operator
 - Name: Registry options
 File: registry-options
 Distros: openshift-enterprise,openshift-origin
diff --git a/modules/registry-operator-config-resources.adoc b/modules/registry-operator-config-resources.adoc
new file mode 100644
index 0000000000..72103b6c05
--- /dev/null
+++ b/modules/registry-operator-config-resources.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * openshift_images/configuring-registry-operator.adoc
+
+
+[id="registry-operator-config-resources-{context}"]
+= Image Registry Operator configuration resources
+
+In addition to the `configs.imageregistry.operator.openshift.io` resource,
+additional configuration is provided to the Operator by separate ConfigMap and
+Secret resources located within the `openshift-image-registry` namespace.
+
+.Prerequisites
+* The CAs must be PEM-encoded.
+
+.Procedure
+
+You can create a ConfigMap in the `openshift-config` namespace and use its name
+in `AdditionalTrustedCA` in the `image.config.openshift.io` resource to provide
+additional CAs that should be trusted when contacting external registries. The
+key is the host name of a registry with the port for which this CA is to be
+trusted. The `image-registry-private-configuration-user`(Secret) provides
+credentials needed for storage access and management. It overrides the default
+credentials used by the Operator, if default credentials were found.
+
+.Image registry CA example
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: my-registry-ca
+data:
+ registry.example.com: |
+ -----BEGIN CERTIFICATE-----
+ ...
+ -----END CERTIFICATE-----
+ registry-with-port.example.com..5000: | <1>
+ -----BEGIN CERTIFICATE-----
+ ...
+ -----END CERTIFICATE-----
+----
+
+
+<1> If the registry has the port, such as `registry-with-port.example.com:5000`.
+: should be replaced with `..`.
+
+For S3 storage the ConfigMap is expected to contain two keys:
+
+* REGISTRY_STORAGE_S3_ACCESSKEY
+* REGISTRY_STORAGE_S3_SECRETKEY
diff --git a/modules/registry-operator-configuration-resource-overview.adoc b/modules/registry-operator-configuration-resource-overview.adoc
new file mode 100644
index 0000000000..ba9762e44b
--- /dev/null
+++ b/modules/registry-operator-configuration-resource-overview.adoc
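Review bot: In modules/registry-operator-config-resources.adoc, the closing sentence says the S3 access key and secret key are expected in "the ConfigMap", which contradicts the earlier paragraph naming the `image-registry-private-configuration-user` Secret as the source of storage credentials. A reader following the last sentence literally would put cloud credentials in an object that is not intended for sensitive data and is often readable by more roles than a Secret. I would change the line to `For S3 storage the Secret is expected to contain two keys:`. The opening paragraph also places these resources in `openshift-image-registry` while the CA ConfigMap is created in `openshift-config`, so the namespace should be stated next to each object.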
@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// * openshift_images/configuring-registry-operator.adoc
+
+
+[id="registry-operator-configuration-resource-overview-{context}"]
+= Image Registry Operator configuration parameters
+
+The `configs.imageregistry.operator.openshift.io` resource offers the following
+configuration parameters.
+
+[cols="3a,8a",options="header"]
+|===
+|Parameter |Description
+
+|`ManagementState`
+|`Managed`: The Operator updates the registry as configuration resources
+are updated.
+`Unmanaged`: The Operator ignores changes to the configuration resources.
+
+|`Removed`
+|The Operator removes the registry instance and tear down any
+storage that the Operator provisioned.
+
+|`Logging`
+|Sets `loglevel` of the registry instance.
+
+|`HTTPSecret`
+|Value needed by the registry to secure uploads, generated by default.
+
+|`Proxy`
+|Defines the Proxy to be used when calling master API
+and upstream registries.
+
+|`Storage`
+|`Storagetype`: Details for configuring registry storage, for example S3 bucket
+coordinates. Normally configured by default.
+
+|`Requests`
+|API Request Limit details. Controls how many parallel requests a given registry
+instance will handle before queuing additional requests.
+
+|`DefaultRoute`
+|Determines whether or not an external route is defined using the default
+hostname. If enabled, the route uses re-encrypt encryption. Defaults to false.
+
+|`Routes`
+|Array of additional routes to create. You provide the hostname and certificate
+for the route.
+
+|`Replicas`
+|Replica count for the registry.
+
+|===
diff --git a/modules/registry-operator-default-crd.adoc b/modules/registry-operator-default-crd.adoc
new file mode 100644
index 0000000000..2d830c6845
--- /dev/null
+++ b/modules/registry-operator-default-crd.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * openshift_images/configuring-registry-operator.adoc
+
+
+[id="registry-operator-default-crd-{context}"]
+= Securing the Image Registry with the Custom Resource Definition
+
+In {product-title}, the `Registry` Operator controls the registry feature. The
+Operator is defined by the `configs.imageregistry.operator.openshift.io` Custom
+Resource Definition (CRD).
+
+If you need to automatically secure the Image Registry, patch the Image Registry
+Operator CRD.
+
+.Procedure
+
+* Patch the Image Registry Operator CRD:
++
+----
+$ oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{"spec":{"defaultRoute":false}}'
+----
diff --git a/registry/configuring-registry-operator.adoc b/registry/configuring-registry-operator.adoc
new file mode 100644
index 0000000000..970caf1328
--- /dev/null
+++ b/registry/configuring-registry-operator.adoc
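Review bot: In modules/registry-operator-default-crd.adoc, the "Securing the Image Registry" procedure sets `defaultRoute` to `false`, which the parameter table added in this same commit gives as the default. On an unmodified cluster the command therefore changes nothing, and the text never says what is being secured. State the effect explicitly, for example `Setting defaultRoute to false removes the external route on the default hostname, so the registry is not exposed outside the cluster through it.` Also note that entries under `Routes` are configured separately and, presumably, are unaffected by this patch. The command targets the `cluster` resource instance rather than the CRD itself, so "patch the Image Registry Operator CRD" should refer to the `configs.imageregistry.operator.openshift.io/cluster` resource.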
@@ -0,0 +1,37 @@
+[id=configuring-registry-operator’]
+= Image Registry Operator in {product-title}
+include::modules/common-attributes.adoc[]
+:context: configuring-registry-operator
+toc::[]
+
+The Image Registry Operator installs a single instance of the {product-title}
+registry, and it manages all configuration of the registry, including setting up
+registry storage.
+
+[NOTE]
+====
+Storage is only automatically configured when you install on Amazon Web Services.
+====
+
+After the control plane deploys, the Operator will create a default
+`configs.imageregistry.operator.openshift.io` resource instance based on
+configuration detected in the cluster.
+
+If insufficient information is available to define a complete
+`configs.imageregistry.operator.openshift.io` resource, the incomplete resource
+will be defined and the operator will update the resource status with
+information about what is missing.
+
+The Image Registry Operator runs in the `openshift-image-registry` namespace,
+and manages the registry instance in that location as well. All configuration
+and workload resources for the registry reside in that namespace.
+
+.Prerequisites
+
+* Deploy an {product-title} cluster.
+
+include::modules/registry-operator-configuration-resource-overview.adoc[leveloffset=+1]
+
+include::modules/registry-operator-config-resources.adoc[leveloffset=+1]
+
+include::modules/registry-operator-default-crd.adoc[leveloffset=+1]