Deploying OpenShift 4.3

Introduction

By default, OpenShift Container Platform 4.3 does not have any storage configured for the image registry, and the image registry operator is in a nonmanaged (Removed) state. Follow the guidelines in this section to configure image registry storage.

The details in this document are based on the use of a Dell EMC Unity XT380F-based NAS server to host the image registry.

Consider the following information:

• Dell Technologies recommends using the Dell EMC Unity 380 All Flash (380F) array for image registry storage.
• Red Hat does not recommend using the NFS server that it ships with Red Hat Enterprise Linux for image registry storage, although using Linux-backed NFS shares is possible for proof-of-concept (POC) implementations.
• Although POC implementations can use emptyDir for image registry storage, images pushed to the image registry are not saved following a reboot.

Note: At the time that this document was written, the Dell EMC Unity CSI driver was not yet available. We used generic drivers of iSCSI and NFS to provision storage.

NFS-based image registry

The prerequisites for creating the image registry storage are as follows:

• The Unity array must be configured and accessible through the management IP address.
• The NAS server must be created and reachable from the OpenShift Container Platform cluster.
• The disk pool must be created.

NAS server and NFS share details

The NAS server and NFS share details are as follows:

• NAS server name—unitynas
• File system name—unitynfs
• NFS share path—100.82.47.8:/unitynfs
• Default access—RW, Allow root

Provisioning image registry storage

To provision storage for the image registry, complete the following steps in the Unity array. Run the commands as user core in CSAH unless otherwise specified.

1. Ensure that the environment meets the prerequisites that are listed in the preceding section.

2. Create a persistent volume (PV) file nfspv.yml, using following content:

[core@csah ~]$ cat nfspv.yaml

apiVersion: v1

kind: PersistentVolume

metadata:

  name: nfs-image-registry

  namespace: openshift-image-registry

spec:

  capacity:

    storage: 100Gi

  accessModes:

  -  ReadWriteMany

  nfs:

    path: /unitynfs

    server: 100.82.47.8

  persistentVolumeReclaimPolicy: Retain

3. Create the following PV:

[core@csah ~]$ oc create -f nfsimageregpv.yml

4. Create a persistent volume claim (PVC) YAML file, using the following content:

[core@csah ~]$ cat nfspvc.yaml

apiVersion: v1

kind: PersistentVolumeClaim

metadata:

  name: nfspvc

  namespace: openshift-image-registry

spec:

  accessModes:

  - ReadWriteMany

  resources:

    requests:

      storage: 100G

5. Create a PVC:

[core@csah ~]$ oc create -f nfspvc.yaml

persistentvolumeclaim/nfspvc created

6. Edit the registry configuration to use the PV:

[core@csah ~]$ oc edit configs.imageregistry.operator.openshift.io

7. In the YAML output, under spec, change managementState from the default value, Removed, to Managed, and add the PVC name as the storage key, as follows.

Note: To use the storage that was created in the Unity array, ensure that the managementState value is set to Managed.

spec:

  managementState: Managed

  storage:

    pvc:

      claim: nfspvc

Note: Leaving claim empty automatically creates a PVC.

8. Type :wq to save the changes.

[core@csah ~]$ oc edit configs.imageregistry.operator.openshift.io

config.imageregistry.operator.openshift.io/cluster edited

Operators such as image-registry, apiserver, and so on are in a PROGRESSING True state for few minutes before they become AVAILABLE True.

Note: Receiving a permissions error during an attempt to push an image to an NFS-based image registry is a known issue. For more information, see the Knowledgebase in the Red Hat Customer Portal.

Validating the image registry

Note: Perform these steps regardless of whether you use NFS-based or iSCSI-based Unity storage.

Validate the image registry as follows:

1. Verify that the AVAILABLE column displays True for all the cluster operators:

Figure 10.     Cluster operators status check

Note: Although image-registry is the cluster operator to be verified, other cluster operators such as operator-lifecycle-manager and kube-apiserver might change. We recommend that you check all cluster operators before proceeding.

2. Ensure that the image registry pods are all in the Running state, as shown here:

Figure 11.     Image registry pod status

3. Verify that the registry storage ClaimName that is used for the image registry pod in the preceding output matches the PVC name:

[core@csah ~]$ oc describe pod image-registry-54d58569dc-tlvr4 -n openshift-image-registry | grep -i volumes -A 4

Volumes:

  registry-storage:

    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)

    ClaimName:  nfspvc

    ReadOnly:   false

4. Connect to any master or worker node in the OpenShift Container Platform cluster by running the following command as user core in CSAH node:

[core@csah ~]$ oc debug nodes/etcd-0.example.com

Starting pod/etcd-0examplecom-debug ...

To use host binaries, run `chroot /host`

Pod IP: 100.82.46.21

If you don't see a command prompt, try pressing enter.

sh-4.2# chroot /host

5. Log in as kubeadmin:

sh-4.4#  oc login -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

Login successful.

You have access to 53 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".

6. Test the connection to the image registry service listening in port 5000:

sh-4.4# podman login -u kubeadmin -p $(oc whoami -t) image-registry.openshift-image-registry.svc:5000

Login Succeeded!