Bug 1701422 - [api-freeze] switch to port 443 for registry service
Summary: [api-freeze] switch to port 443 for registry service
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Image Registry
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.4.0
Assignee: Adam Kaplan
QA Contact: Wenjing Zheng
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-04-18 22:44 UTC by Ben Parees
Modified: 2020-01-29 21:52 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-01-29 21:52:39 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift cluster-image-registry-operator pull 322 None closed Bug 1701422: Use port 443 for registry service 2020-02-07 08:51:42 UTC
Github openshift openshift-controller-manager pull 7 None closed Bug 1701422: Multiple ports for registry service 2020-02-07 08:51:41 UTC
Github openshift origin pull 23408 None closed Bug 1701422: Multiple ports for registry service 2020-02-07 08:51:41 UTC

Description Ben Parees 2019-04-18 22:44:25 UTC
Description of problem:
Before api freeze we need to switch the registry service port from 5000 to 443 so that the service hostname does not need to include a port suffix.

The internal registry itself can stay on :5000, only the service port needs to change.

I think this may also necessitate a change to the service account controller which generates the docker config secret since that includes the registry hostname.  There is a goal to make that controller use the cluster image config info, but it does not currently.

Comment 2 Adam Kaplan 2019-05-02 15:22:23 UTC
Per thread in aos-devel, targeting this for 4.2 and removing from the 4.1 beta blocker list.

Comment 3 Adam Kaplan 2019-07-26 18:53:04 UTC
Increasing target to 4.3.0. Downgrading severity to "medium" since we will need to simultaneously support port 443 and port 5000 for quite some time.

Per @Oleg there are several touch points that need to know all possible internal registry host locations, such as the registry itself and the image pruner.

Comment 4 Adam Kaplan 2019-11-01 21:05:12 UTC
Deferring to 4.4.0. At this point it is worth debating if we should pursue this change, or close as WONTFIX.

Comment 5 Adam Kaplan 2020-01-29 21:49:49 UTC
Moving this to https://issues.redhat.com/browse/DEVEXP-500 as an RFE/story.


Note You need to log in before you can comment on or make changes to this bug.