1701422 – [api-freeze] switch to port 443 for registry service

Bug 1701422 - [api-freeze] switch to port 443 for registry service

Summary: [api-freeze] switch to port 443 for registry service

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Image Registry
Sub Component:
Version:	4.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.4.0
Assignee:	Adam Kaplan
QA Contact:	Wenjing Zheng
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-04-18 22:44 UTC by Ben Parees
Modified:	2020-01-29 21:52 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-01-29 21:52:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift cluster-image-registry-operator pull 322	None	closed	Bug 1701422: Use port 443 for registry service	2020-02-07 08:51:42 UTC
Github	openshift openshift-controller-manager pull 7	None	closed	Bug 1701422: Multiple ports for registry service	2020-02-07 08:51:41 UTC
Github	openshift origin pull 23408	None	closed	Bug 1701422: Multiple ports for registry service	2020-02-07 08:51:41 UTC

Description Ben Parees 2019-04-18 22:44:25 UTC

Description of problem:
Before api freeze we need to switch the registry service port from 5000 to 443 so that the service hostname does not need to include a port suffix.

The internal registry itself can stay on :5000, only the service port needs to change.

I think this may also necessitate a change to the service account controller which generates the docker config secret since that includes the registry hostname.  There is a goal to make that controller use the cluster image config info, but it does not currently.

Comment 1 Adam Kaplan 2019-04-22 18:51:46 UTC

PR: https://github.com/openshift/cluster-image-registry-operator/pull/259

Comment 2 Adam Kaplan 2019-05-02 15:22:23 UTC

Per thread in aos-devel, targeting this for 4.2 and removing from the 4.1 beta blocker list.

Comment 3 Adam Kaplan 2019-07-26 18:53:04 UTC

Increasing target to 4.3.0. Downgrading severity to "medium" since we will need to simultaneously support port 443 and port 5000 for quite some time.

Per @Oleg there are several touch points that need to know all possible internal registry host locations, such as the registry itself and the image pruner.

Comment 4 Adam Kaplan 2019-11-01 21:05:12 UTC

Deferring to 4.4.0. At this point it is worth debating if we should pursue this change, or close as WONTFIX.

Comment 5 Adam Kaplan 2020-01-29 21:49:49 UTC

Moving this to https://issues.redhat.com/browse/DEVEXP-500 as an RFE/story.

Note You need to log in before you can comment on or make changes to this bug.