The registry operator manages a singleton instance of the openshift registry. It manages all configuration of the registry including creating storage.

On initial startup the operator will create a default image-registry resource instance based on configuration detected in the cluster (e.g. what cloud storage type to use based on the cloud provider).

If insufficient information is available to define a complete image-registry resource, the incomplete resource will be defined and the operator will update the resource status with information about what is missing.

The registry operator runs in the openshift-image-registry namespace, and manages the registry instance in that location as well. All configuration+workload resources for the registry reside in that namespace.

The image-registry resource offers the following configuration fields:

• ManagementState
  • Managed - the operator will update the registry as configuration resources are updated
  • Unmanaged - the operator will ignore changes to the configuration resources
  • Removed - the operator will remove the registry instance and tear down any storage that the operator provisioned.
• Logging
  • Sets loglevel of the registry instance
• HTTPSecret
  • Value needed by the registry to secure uploads, generated by default.
• Proxy
  • Not currently implemented
  • Defines the Proxy to be used when calling master api, upstream registries, etc
• Storage
  • Storagetype details for configuring registry storage, e.g. S3 bucket coordinates.
  • Normally configured by default
• Requests
  • API Request Limit details
  • Controls how many parallel requests a given registry instance will handle before queuing additional requests
• DefaultRoute
  • Determines whether or not an external route is defined using the default hostname. If enabled, the route uses re-encrypt encryption.
  • Defaults to false today
• Routes
  • Array of additional routes to create
  • User provides hostname, certificate for the route
• Replicas
  • Replica count for the registry

In addition to the image-registry resource, additional config is provided to the operator via separate configmap + secret resources located within the openshift-image-registry namespace:

Provides additional CAs for contacting upstream registries. Mounted to /etc/pki/ca-trust/source/anchors in the registry pod.

Provides credentials needed for storage management/access, overrides the default credentials used by the operator, if default credentials were found.

For S3 storage it is expected to contain two keys:

• REGISTRY_STORAGE_S3_ACCESSKEY
• REGISTRY_STORAGE_S3_SECRETKEY

The registry operator reports status in two places:

A ClusterOperator resource is defined in the cluster scope which reflects the state of the registry operator at a high level. Retrievable via:

oc get clusteroperators.config.openshift.io/cluster-image-registry-operator -o yaml -n openshift-image-registry

The image-registry resource itself has a status section with detailed conditions indicating the state of the managed registry, you can view this via:

oc get configs.imageregistry.operator.openshift.io/instance  -o yaml -n openshift-image-registry

If you cannot access your registry, check the following:

Is the registry deployed? Check for a registry deployment + corresponding pod in the openshift-image-registry namespace:

oc get deployment image-registry -n openshift-image-registry
oc get pods -n openshift-image-registry | grep image-registry | grep -v operator

If there is no registry pod, check the deployment for any error conditions:

oc get deployment image-registry -o yaml -n openshift-image-registry

If there is no registry deployment, check the image-registry resource instance for any error conditions:

oc get configs.imageregistry.operator.openshift.io/instance -o yaml -n openshift-image-registry

If there is no image-registry resource at all, check if the image-registry operator deployment exists:

oc get deployment/cluster-image-registry-operator -n openshift-image-registry

If the operator deployment exists, check for the corresponding pod and, if it exists, check its logs:

oc get pods  -n openshift-image-registry | grep cluster-image-registry-operator
oc logs cluster-image-registry-operator-5c8bcf89bb-4nr8p -n openshift-image-registry

If the operator pod does not exist, inspect the deployment to determine why the operator pod was not created:

oc get deployment cluster-image-registry-operator -o yaml -n openshift-image-registry

If the deployment does not exist:

Something went wrong at the installer/CVO level that it did not deploy the image-registry operator.