redirect parameter not working about image-registry HOT 10 CLOSED

You can set the environment variable REGISTRY_STORAGE_REDIRECT_DISABLE=true

from image-registry.

@rhnewtron can you elaborate on the parameter? The upstream registry has 4 parameters for the Azure storage driver: accountname, accountkey, container, and realm [1].

from image-registry.

It's about this:

storage:
  ....
  redirect:
    disable: false

Described here https://docs.openshift.com/container-platform/3.11/install_config/registry/extended_registry_configuration.html#docker-registry-configuration-reference-storage

I need

storage:
  redirect:
    disable: true

from image-registry.

This was a great tipp. I set the Environment on the Registry and now I can push and pull Images with the Azure Backend from the Registry via the exposed route without granting vnet access to everyone. I think this is very valuable for the documentation.

env:

            - name: REGISTRY_STORAGE_REDIRECT_DISABLE
              value: "true"

from image-registry.

From my side the issue can be closed. However updating the documentation for azure specifics (vnet security for storage accounts) may be a great follow up ticket.

from image-registry.

@dmage something we need to factor in to the image-registry-operator?

from image-registry.

@adambkaplan we may want to expose this setting for UPI installations. We need to weigh benefits of vnet security

from image-registry.

@adambkaplan we may want to expose this setting for UPI installations.

why would we make a distinction on config options for ipi vs upi?

the critical issue in my mind is what we default content redirect to be enabled on azure installations, based on whether vnet security is on or not.

from image-registry.

@bparees we don't enable vnet security on IPI, so we don't need this option there. But this option will be available for IPI and UPI.

from image-registry.

The option disableRedirects is added to the image registry operator config.

from image-registry.