Menu Close

2.10.17. Initial Operator configuration

After the control plane initializes, you must immediately configure some Operators so that they all become available.


  • Your control plane has initialized.


  1. Watch the cluster components come online:

    $ watch -n5 oc get clusteroperators

    Example output

    NAME                                 VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
    authentication                       4.5.4     True        False         False      69s
    cloud-credential                     4.5.4     True        False         False      12m
    cluster-autoscaler                   4.5.4     True        False         False      11m
    console                              4.5.4     True        False         False      46s
    dns                                  4.5.4     True        False         False      11m
    image-registry                       4.5.4     True        False         False      5m26s
    ingress                              4.5.4     True        False         False      5m36s
    kube-apiserver                       4.5.4     True        False         False      8m53s
    kube-controller-manager              4.5.4     True        False         False      7m24s
    kube-scheduler                       4.5.4     True        False         False      12m
    machine-api                          4.5.4     True        False         False      12m
    machine-config                       4.5.4     True        False         False      7m36s
    marketplace                          4.5.4     True        False         False      7m54m
    monitoring                           4.5.4     True        False         False      7h54s
    network                              4.5.4     True        False         False      5m9s
    node-tuning                          4.5.4     True        False         False      11m
    openshift-apiserver                  4.5.4     True        False         False      11m
    openshift-controller-manager         4.5.4     True        False         False      5m943s
    openshift-samples                    4.5.4     True        False         False      3m55s
    operator-lifecycle-manager           4.5.4     True        False         False      11m
    operator-lifecycle-manager-catalog   4.5.4     True        False         False      11m
    service-ca                           4.5.4     True        False         False      11m
    service-catalog-apiserver            4.5.4     True        False         False      5m26s
    service-catalog-controller-manager   4.5.4     True        False         False      5m25s
    storage                              4.5.4     True        False         False      5m30s

  2. Configure the Operators that are not available. Image registry storage configuration

Amazon Web Services provides default storage, which means the Image Registry Operator is available after installation. However, if the Registry Operator cannot create an S3 bucket and automatically configure storage, you must manually configure registry storage.

Instructions are shown for configuring a persistent volume, which is required for production clusters. Where applicable, instructions are shown for configuring an empty directory as the storage location, which is available for only non-production clusters.

Additional instructions are provided for allowing the image registry to use block storage types by using the Recreate rollout strategy during upgrades. Configuring registry storage for AWS with user-provisioned infrastructure

During installation, your cloud credentials are sufficient to create an Amazon S3 bucket and the Registry Operator will automatically configure storage.

If the Registry Operator cannot create an S3 bucket and automatically configure storage, you can create an S3 bucket and configure storage with the following procedure.


  • A cluster on AWS with user-provisioned infrastructure.
  • For Amazon S3 storage, the secret is expected to contain two keys:



Use the following procedure if the Registry Operator cannot create an S3 bucket and automatically configure storage.

  1. Set up a Bucket Lifecycle Policy to abort incomplete multipart uploads that are one day old.
  2. Fill in the storage configuration in

    $ oc edit

    Example configuration

        bucket: <bucket-name>
        region: <region-name>


To secure your registry images in AWS, block public access to the S3 bucket. Configuring storage for the image registry in non-production clusters

You must configure storage for the Image Registry Operator. For non-production clusters, you can set the image registry to an empty directory. If you do so, all images are lost if you restart the registry.


  1. To set the image registry storage to an empty directory:

    $ oc patch cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'

    Configure this option for only non-production clusters.

    If you run this command before the Image Registry Operator initializes its components, the oc patch command fails with the following error:

    Error from server (NotFound): "cluster" not found

    Wait a few minutes and run the command again.

  2. Ensure that your registry is set to managed to enable building and pushing of images.

    • Run:

      $ oc edit configs.imageregistry/cluster

      Then, change the line

      managementState: Removed


      managementState: Managed