mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
120 lines
3.0 KiB
Plaintext
120 lines
3.0 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * post_installation_configuration/configuring-private-cluster.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="configuring-private-storage-endpoint-azure-user-provided-vnet-subnet_{context}"]
|
|
= Configuring a private storage endpoint on Azure with user-provided VNet and subnet names
|
|
|
|
Use the following procedure to configure a storage account that has public network access disabled and is exposed behind a private storage endpoint on Azure.
|
|
|
|
.Prerequisites
|
|
|
|
* You have configured the image registry to run on Azure.
|
|
* You must know the VNet and subnet names used for your Azure environment.
|
|
* If your network was configured in a separate resource group in Azure, you must also know its name.
|
|
|
|
.Procedure
|
|
|
|
. Edit the Image Registry Operator `config` object and configure the private endpoint using your VNet and subnet names:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc edit configs.imageregistry/cluster
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
# ...
|
|
spec:
|
|
# ...
|
|
storage:
|
|
azure:
|
|
# ...
|
|
networkAccess:
|
|
type: Internal
|
|
internal:
|
|
subnetName: <subnet_name>
|
|
vnetName: <vnet_name>
|
|
networkResourceGroupName: <network_resource_group_name>
|
|
# ...
|
|
----
|
|
|
|
. Optional: Enter the following command to confirm that the Operator has completed provisioning. This might take a few minutes.
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get configs.imageregistry/cluster -o=jsonpath="{.spec.storage.azure.privateEndpointName}" -w
|
|
----
|
|
+
|
|
[NOTE]
|
|
====
|
|
When redirect is enabled, pulling images from outside of the cluster will not work.
|
|
====
|
|
|
|
.Verification
|
|
|
|
. Fetch the registry service name by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get imagestream -n openshift
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
NAME IMAGE REPOSITORY TAGS UPDATED
|
|
cli image-registry.openshift-image-registry.svc:5000/openshift/cli latest 8 hours ago
|
|
...
|
|
----
|
|
|
|
. Enter debug mode by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc debug node/<node_name>
|
|
----
|
|
|
|
. Run the suggested `chroot` command. For example:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ chroot /host
|
|
----
|
|
|
|
. Enter the following command to log in to your container registry:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ podman login --tls-verify=false -u unused -p $(oc whoami -t) image-registry.openshift-image-registry.svc:5000
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
Login Succeeded!
|
|
----
|
|
|
|
. Enter the following command to verify that you can pull an image from the registry:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ podman pull --tls-verify=false image-registry.openshift-image-registry.svc:5000/openshift/tools
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
Trying to pull image-registry.openshift-image-registry.svc:5000/openshift/tools/openshift/tools...
|
|
Getting image source signatures
|
|
Copying blob 6b245f040973 done
|
|
Copying config 22667f5368 done
|
|
Writing manifest to image destination
|
|
Storing signatures
|
|
22667f53682a2920948d19c7133ab1c9c3f745805c14125859d20cede07f11f9
|
|
----
|