Menu Close

2.10.17. Initial Operator configuration

After the control plane initializes, you must immediately configure some Operators so that they all become available.

Prerequisites

  • Your control plane has initialized.

Procedure

  1. Watch the cluster components come online: 

    $ watch -n5 oc get clusteroperators

    Example output

    NAME                                 VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
authentication                       4.5.4     True        False         False      69s
cloud-credential                     4.5.4     True        False         False      12m
cluster-autoscaler                   4.5.4     True        False         False      11m
console                              4.5.4     True        False         False      46s
dns                                  4.5.4     True        False         False      11m
image-registry                       4.5.4     True        False         False      5m26s
ingress                              4.5.4     True        False         False      5m36s
kube-apiserver                       4.5.4     True        False         False      8m53s
kube-controller-manager              4.5.4     True        False         False      7m24s
kube-scheduler                       4.5.4     True        False         False      12m
machine-api                          4.5.4     True        False         False      12m
machine-config                       4.5.4     True        False         False      7m36s
marketplace                          4.5.4     True        False         False      7m54m
monitoring                           4.5.4     True        False         False      7h54s
network                              4.5.4     True        False         False      5m9s
node-tuning                          4.5.4     True        False         False      11m
openshift-apiserver                  4.5.4     True        False         False      11m
openshift-controller-manager         4.5.4     True        False         False      5m943s
openshift-samples                    4.5.4     True        False         False      3m55s
operator-lifecycle-manager           4.5.4     True        False         False      11m
operator-lifecycle-manager-catalog   4.5.4     True        False         False      11m
service-ca                           4.5.4     True        False         False      11m
service-catalog-apiserver            4.5.4     True        False         False      5m26s
service-catalog-controller-manager   4.5.4     True        False         False      5m25s
storage                              4.5.4     True        False         False      5m30s

  2. Configure the Operators that are not available.

2.10.17.1. Image registry storage configuration

Amazon Web Services provides default storage, which means the Image Registry Operator is available after installation. However, if the Registry Operator cannot create an S3 bucket and automatically configure storage, you must manually configure registry storage.

Instructions are shown for configuring a persistent volume, which is required for production clusters. Where applicable, instructions are shown for configuring an empty directory as the storage location, which is available for only non-production clusters.

Additional instructions are provided for allowing the image registry to use block storage types by using the Recreate rollout strategy during upgrades.

2.10.17.1.1. Configuring registry storage for AWS with user-provisioned infrastructure

During installation, your cloud credentials are sufficient to create an Amazon S3 bucket and the Registry Operator will automatically configure storage.

If the Registry Operator cannot create an S3 bucket and automatically configure storage, you can create an S3 bucket and configure storage with the following procedure.

Prerequisites

  • A cluster on AWS with user-provisioned infrastructure.

  • For Amazon S3 storage, the secret is expected to contain two keys:

    • REGISTRY_STORAGE_S3_ACCESSKEY
    • REGISTRY_STORAGE_S3_SECRETKEY

Procedure

Use the following procedure if the Registry Operator cannot create an S3 bucket and automatically configure storage.

  1. Set up a Bucket Lifecycle Policy to abort incomplete multipart uploads that are one day old.

  2. Fill in the storage configuration in configs.imageregistry.operator.openshift.io/cluster: 

    $ oc edit configs.imageregistry.operator.openshift.io/cluster

    Example configuration

    storage:
  s3:
    bucket: <bucket-name>
    region: <region-name>

警告

To secure your registry images in AWS, block public access to the S3 bucket.

2.10.17.1.2. Configuring storage for the image registry in non-production clusters

You must configure storage for the Image Registry Operator. For non-production clusters, you can set the image registry to an empty directory. If you do so, all images are lost if you restart the registry.

Procedure

  1. To set the image registry storage to an empty directory: 

    $ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'
    警告

    Configure this option for only non-production clusters.

    If you run this command before the Image Registry Operator initializes its components, the oc patch command fails with the following error: 

    Error from server (NotFound): configs.imageregistry.operator.openshift.io "cluster" not found

    Wait a few minutes and run the command again.

  2. Ensure that your registry is set to managed to enable building and pushing of images.

    • Run: 

      $ oc edit configs.imageregistry/cluster

      Then, change the line 

      managementState: Removed

      to 

      managementState: Managed