Configuring the registry for Red Hat OpenShift Data Foundation

Red Hat OpenShift Data Foundation integrates multiple storage types that you can use with the OpenShift image registry:

Ceph, a shared and distributed file system and on-premises object storage
NooBaa, providing a Multicloud Object Gateway

This document outlines the procedure to configure the image registry to use Ceph RGW storage.

Prerequisites

You have access to the cluster as a user with the role.
You have access to the OKD web console.
You installed the oc CLI.
You installed the to provide object storage and Ceph RGW object storage.

Procedure

Create the object bucket claim using the ocs-storagecluster-ceph-rgw storage class. For example:

Get the bucket name by entering the following command:

$ bucket_name=$(oc get obc -n openshift-storage rgwtest -o jsonpath='{.spec.bucketName}')

Get the AWS credentials by entering the following commands:

$ AWS_ACCESS_KEY_ID=$(oc get secret -n openshift-storage rgwtest -o yaml | grep -w "AWS_ACCESS_KEY_ID:" | head -n1 | awk '{print $2}' | base64 --decode)

$ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage rgwtest -o yaml | grep -w "AWS_SECRET_ACCESS_KEY:" | head -n1 | awk '{print $2}' | base64 --decode)

Create the secret image-registry-private-configuration-user with the AWS credentials for the new bucket under openshift-image-registry project by entering the following command:

$ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY=${AWS_ACCESS_KEY_ID} --from-literal=REGISTRY_STORAGE_S3_SECRETKEY=${AWS_SECRET_ACCESS_KEY} --namespace openshift-image-registry

Create a encryption route for Ceph RGW by entering the following command:

$ oc create route reencrypt <route_name> --service=rook-ceph-rgw-ocs-storagecluster-cephobjectstore --port=https -n openshift-storage

Get the route host by entering the following command:

$ route_host=$(oc get route <route_name> -n openshift-storage -o=jsonpath='{.spec.host}')

$ oc create configmap image-registry-s3-bundle --from-file=ca-bundle.crt=./tls.crt  -n openshift-config

Configure the image registry to use the Ceph RGW object storage by entering the following command:

$ oc patch config.image/cluster -p '{"spec":{"managementState":"Managed","replicas":2,"storage":{"managementState":"Unmanaged","s3":{"bucket":'\"${bucket_name}\"',"region":"us-east-1","regionEndpoint":'\"https://${route_host}\"',"virtualHostedStyle":false,"encrypt":false,"trustedCA":{"name":"image-registry-s3-bundle"}}}}}' --type=merge

Red Hat OpenShift Data Foundation integrates multiple storage types that you can use with the OpenShift image registry:

NooBaa, providing a Multicloud Object Gateway

This document outlines the procedure to configure the image registry to use Noobaa storage.

Prerequisites

You have access to the cluster as a user with the cluster-admin role.
You have access to the OKD web console.
You installed the oc CLI.
You installed the to provide object storage and Noobaa object storage.

Procedure

Create the object bucket claim using the openshift-storage.noobaa.io storage class. For example:

cat <<EOF | oc apply -f -
kind: ObjectBucketClaim
metadata:
  name: noobaatest
  namespace: openshift-storage
spec:
  storageClassName: openshift-storage.noobaa.io
  generateBucketName: noobaatest
EOF

Get the bucket name by entering the following command:

$ bucket_name=$(oc get obc -n openshift-storage noobaatest -o jsonpath='{.spec.bucketName}')

Get the AWS credentials by entering the following commands:

$ AWS_ACCESS_KEY_ID=$(oc get secret -n openshift-storage noobaatest -o yaml | grep -w "AWS_ACCESS_KEY_ID:" | head -n1 | awk '{print $2}' | base64 --decode)

$ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage noobaatest -o yaml | grep -w "AWS_SECRET_ACCESS_KEY:" | head -n1 | awk '{print $2}' | base64 --decode)

Create the secret image-registry-private-configuration-user with the AWS credentials for the new bucket under openshift-image-registry project by entering the following command:

Get the route host by entering the following command:

$ route_host=$(oc get route s3 -n openshift-storage -o=jsonpath='{.spec.host}')

$ oc extract secret/router-certs-default  -n openshift-ingress  --confirm

Configure the image registry to use the Nooba object storage by entering the following command:

Red Hat OpenShift Data Foundation integrates multiple storage types that you can use with the OpenShift image registry:

Ceph, a shared and distributed file system and on-premises object storage
NooBaa, providing a Multicloud Object Gateway

This document outlines the procedure to configure the image registry to use CephFS storage.

Prerequisites

You have access to the cluster as a user with the cluster-admin role.
You have access to the OKD web console.
You installed the oc CLI.
You installed the to provide object storage and CephFS file storage.

Procedure

Create a PVC to use the cephfs storage class. For example:

cat <<EOF | oc apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
 name: registry-storage-pvc
 namespace: openshift-image-registry
spec:
 accessModes:
 - ReadWriteMany
 resources:
   requests:
     storage: 100Gi
 storageClassName: ocs-storagecluster-cephfs

Configure the image registry to use the CephFS file system storage by entering the following command:

$ oc patch config.image/cluster -p '{"spec":{"managementState":"Managed","replicas":2,"storage":{"managementState":"Unmanaged","pvc":{"claim":"registry-storage-pvc"}}}}' --type=merge

Configuring the registry for OpenShift Data Foundation

Configuring the registry for Red Hat OpenShift Data Foundation