3.2. Configuring the registry for GCP user-provisioned infrastructure


3.2.1. Configuring a secret for the Image Registry Operator

In addition to the configs.imageregistry.operator.openshift.io and ConfigMap resources, configuration is provided to the Operator by a separate secret resource located within the openshift-image-registry namespace.

The image-registry-private-configuration-user secret provides credentials needed for storage access and management. It overrides the default credentials used by the Operator, if default credentials were found.

For GCS on GCP storage, the secret is expected to contain one key whose value is the contents of a credentials file provided by GCP:

  • REGISTRY_STORAGE_GCS_KEYFILE

Procedure

  • Create an OpenShift Container Platform secret that contains the required keys.

    $ oc create secret generic image-registry-private-configuration-user --from-file=REGISTRY_STORAGE_GCS_KEYFILE=<path_to_keyfile> --namespace openshift-image-registry

3.2.2. Registry storage for GCP with user-provisioned infrastructure

You must set up the storage medium manually and configure the settings in the registry custom resource (CR).

Prerequisites

  • A cluster on GCP with user-provisioned infrastructure.
  • To configure registry storage for GCP, you need to provide Registry Operator cloud credentials.
  • For GCS on GCP storage, the secret is expected to contain one key whose value is the contents of a credentials file provided by GCP:

    • REGISTRY_STORAGE_GCS_KEYFILE

3.2.3. Image Registry Operator configuration parameters for GCP GCS

Procedure

The following configuration parameters are available for GCP GCS registry storage.

ParameterDescription

bucket

Bucket is the bucket name in which you want to store the registry’s data. It is optional and is generated if not provided.

region

Region is the GCS location in which your bucket exists. It is optional and is set based on the installed GCS Region.

projectID

ProjectID is the Project ID of the GCP project that this bucket should be associated with. It is optional.

keyID

KeyID is the KMS key ID to use for encryption. It is optional because buckets are encrypted by default on GCP. This allows for the use of a custom encryption key.

Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.