Bug 1701422 - [api-freeze] switch to port 443 for registry service
Summary: [api-freeze] switch to port 443 for registry service
Status: POST
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Image Registry
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.3.0
Assignee: Adam Kaplan
QA Contact: Wenjing Zheng
Depends On:
TreeView+ depends on / blocked
Reported: 2019-04-18 22:44 UTC by Ben Parees
Modified: 2019-07-27 07:01 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github openshift cluster-image-registry-operator pull 322 None None None 2019-07-17 19:20:03 UTC
Github openshift openshift-controller-manager pull 7 None None None 2019-07-19 16:56:33 UTC
Github openshift origin pull 23408 None None None 2019-07-17 15:24:36 UTC

Description Ben Parees 2019-04-18 22:44:25 UTC
Description of problem:
Before api freeze we need to switch the registry service port from 5000 to 443 so that the service hostname does not need to include a port suffix.

The internal registry itself can stay on :5000, only the service port needs to change.

I think this may also necessitate a change to the service account controller which generates the docker config secret since that includes the registry hostname.  There is a goal to make that controller use the cluster image config info, but it does not currently.

Comment 2 Adam Kaplan 2019-05-02 15:22:23 UTC
Per thread in aos-devel, targeting this for 4.2 and removing from the 4.1 beta blocker list.

Comment 3 Adam Kaplan 2019-07-26 18:53:04 UTC
Increasing target to 4.3.0. Downgrading severity to "medium" since we will need to simultaneously support port 443 and port 5000 for quite some time.

Per @Oleg there are several touch points that need to know all possible internal registry host locations, such as the registry itself and the image pruner.

Note You need to log in before you can comment on or make changes to this bug.