Bug 1704381
| Summary: | [DOCS] Exposing and Securing Registry are wrong | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Eric Rich <erich> |
| Component: | Documentation | Assignee: | Brandi Munilla <bmcelvee> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Wenjing Zheng <wzheng> |
| Severity: | urgent | Docs Contact: | Vikram Goyal <vigoyal> |
| Priority: | low | ||
| Version: | 4.1.0 | CC: | aos-bugs, jokerman, mmccomas |
| Target Milestone: | --- | ||
| Target Release: | 4.1.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-03 13:53:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1704358 | ||
| Bug Blocks: | 1704382 | ||
|
Description
Eric Rich
2019-04-29 15:55:25 UTC
To automatically secure the registry you should simply have to do: > oc patch configs.imageregistry.operator.openshift.io/cluster -p '{"spec":{"defaultRoute":true}}' But this is likely blocked by https://bugzilla.redhat.com/show_bug.cgi?id=1704358 Be aware of how to patch resources (CRD's): https://bugzilla.redhat.com/show_bug.cgi?id=1704358 Thank you! I have a WIP PR for the Registry Operator, and I dropped the patch command in (though I'll likely move it). https://github.com/openshift/openshift-docs/pull/14476 Eric, I commented out the "Securing and exposing the registry" topic in https://github.com/openshift/openshift-docs/pull/14986. There is a section to secure the registry in the operator topic: https://docs.openshift.com/container-platform/4.1/registry/configuring-registry-operator.html (merged from previous comment) Do you think the entire "Securing and exposing the registry" topic should be removed from 4.1 or rewritten and added back post-GA? Thanks! Wenjing, would you mind please taking a look too? Thanks! Comments are added to the pull request, please follow up there. The content in https://docs.openshift.com/container-platform/4.1/registry/configuring-registry-operator.html covers the ask (at a high level) that this BZ was aiming to resolve. However, I now have the following nits (on this content). I think the patch command in https://docs.openshift.com/container-platform/4.1/registry/configuring-registry-operator.html#registry-operator-default-crd_configuring-registry-operator needs to say 'true' not 'false' https://docs.openshift.com/container-platform/4.1/registry/configuring-registry-operator.html#registry-configuring-storage-baremetal_configuring-registry-operator and https://docs.openshift.com/container-platform/4.1/registry/configuring-registry-operator.html#registry-configuring-storage-vsphere_configuring-registry-operator need more concrete examples in step 3. In 4.x, registry is secured by default, so the part https://docs.openshift.com/container-platform/4.1/registry/configuring-registry-operator.html#registry-operator-default-crd_configuring-registry-operator can be removed, plus the patch command is not to secure registry, it is just to enable default external route. Thanks, Eric and Wenjing! I updated the patch command and the module to `true` and changed the context to enable the default route. Since the whole section of Securing Registry needs to be removed, so I will assign this bug back. Removed the securing the registry manually module, but left the exposing the registry content. That content is linked from two other assemblies. The whole section of Securing Registry has been moved, so move this bug to verified. Thanks, Brandi! Thanks so much! PR merged. |