By default, OpenShift Container Platform 4.3 does not have any storage configured for the image registry, and the image registry operator is in a nonmanaged (Removed) state. Follow the guidelines in this section to configure image registry storage.
The details in this document are based on the use of a Dell EMC Unity XT380F-based NAS server to host the image registry.
Consider the following information:
Note: At the time that this document was written, the Dell EMC Unity CSI driver was not yet available. We used generic drivers of iSCSI and NFS to provision storage.
The prerequisites for creating the image registry storage are as follows:
The NAS server and NFS share details are as follows:
To provision storage for the image registry, complete the following steps in the Unity array. Run the commands as user core in CSAH unless otherwise specified.
[core@csah ~]$ cat nfspv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-image-registry
namespace: openshift-image-registry
spec:
capacity:
storage: 100Gi
accessModes:
- ReadWriteMany
nfs:
path: /unitynfs
server: 100.82.47.8
persistentVolumeReclaimPolicy: Retain
[core@csah ~]$ oc create -f nfsimageregpv.yml
[core@csah ~]$ cat nfspvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfspvc
namespace: openshift-image-registry
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100G
[core@csah ~]$ oc create -f nfspvc.yaml
persistentvolumeclaim/nfspvc created
[core@csah ~]$ oc edit configs.imageregistry.operator.openshift.io
Note: To use the storage that was created in the Unity array, ensure that the managementState value is set to Managed.
spec:
managementState: Managed
storage:
pvc:
claim: nfspvc
Note: Leaving claim empty automatically creates a PVC.
[core@csah ~]$ oc edit configs.imageregistry.operator.openshift.io
config.imageregistry.operator.openshift.io/cluster edited
Operators such as image-registry, apiserver, and so on are in a PROGRESSING True state for few minutes before they become AVAILABLE True.
Note: Receiving a permissions error during an attempt to push an image to an NFS-based image registry is a known issue. For more information, see the Knowledgebase in the Red Hat Customer Portal.
Note: Perform these steps regardless of whether you use NFS-based or iSCSI-based Unity storage.
Validate the image registry as follows:
Figure 10. Cluster operators status check
Note: Although image-registry is the cluster operator to be verified, other cluster operators such as operator-lifecycle-manager and kube-apiserver might change. We recommend that you check all cluster operators before proceeding.
Figure 11. Image registry pod status
[core@csah ~]$ oc describe pod image-registry-54d58569dc-tlvr4 -n openshift-image-registry | grep -i volumes -A 4
Volumes:
registry-storage:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: nfspvc
ReadOnly: false
[core@csah ~]$ oc debug nodes/etcd-0.example.com
Starting pod/etcd-0examplecom-debug ...
To use host binaries, run `chroot /host`
Pod IP: 100.82.46.21
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4# oc login -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Login successful.
You have access to 53 projects, the list has been suppressed. You can list all projects with 'oc projects'
Using project "default".
sh-4.4# podman login -u kubeadmin -p $(oc whoami -t) image-registry.openshift-image-registry.svc:5000
Login Succeeded!