oadm-registry man page

oadm registry ā€” Install the integrated Docker registry


oadm registry [Options]


Install or configure an integrated Docker registry

This command sets up a Docker registry integrated with your cluster to provide notifications when images are pushed. With no arguments, the command will check for the existing registry service called 'docker-registry' and try to create it. If you want to test whether the registry has been created add the --dry-run flag and the command will exit with 1 if the registry does not exist.

To run a highly available registry, you should be using a remote storage mechanism like an object store (several are supported by the Docker registry). The default Docker registry image is configured to accept configuration as environment variables - refer to the configuration file in that image for more on setting up alternative storage. Once you've made those changes, you can pass --replicas=2 or higher to ensure you have failover protection. The default registry setup uses a local volume and the data will be lost if you delete the running pod.

If multiple ports are specified using the option --ports, the first specified port will be chosen for use as the REGISTRY HTTP ADDR and will be passed to Docker registry.

NOTE: This command is intended to simplify the tasks of setting up a Docker registry in a new installation. Some configuration beyond this command is still required to make your registry persist data.



deprecated; this is now the default behavior


If true, use a daemonset instead of a deployment config.


If true, show the result of the operation without performing it.


If true, the registry will refuse to write blobs if they exceed quota limits


Specify fsGroup which is an ID that grants group access to registry block storage


The image to base this registry on - ${component} will be replaced with --type


A set of labels to uniquely identify the registry and its components.


If true, attempt to use the latest image for the registry instead of the latest release.


If set, the registry volume will be created as a host-mount at this path.

-o, --output=""

Output results as yaml or json instead of executing, or use name for succint output (resource/name).


The preferred API versions of the output objects


A comma delimited list of ports or port pairs to expose on the registry pod. The default is set for 5000.


The replication factor of the registry; commonly 2 when high availability is desired.


Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes.


Name of the service account to use to run the registry pod.


Specify supplemental groups which is an array of ID's that grants group access to registry shared storage


An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS


An optional path to a PEM encoded private key for serving over TLS


The registry image to use - if you specify --images this flag may be ignored.


The volume path to use for registry storage; defaults to /registry which is the default for origin-docker-registry.

Options Inherited from Parent Commands


DEPRECATED: The API version to use when talking to the server


Username to impersonate for the operation


Path to the file container Azure container registry configuration information.


Path to a cert. file for the certificate authority


Path to a client certificate file for TLS


Path to a client key file for TLS


The name of the kubeconfig cluster to use


Path to the config file to use for CLI requests.


The name of the kubeconfig context to use


The Google Cloud Platform Service Account JSON Key to use for authentication.


If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure


Maximum number of seconds between log flushes


Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request


The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.


The address and port of the Kubernetes API server


Bearer token for authentication to the API server


The name of the kubeconfig user to use


  # Check if default Docker registry ("docker-registry") has been created
  oadm registry --dry-run
  # See what the registry will look like if created
  oadm registry -o yaml
  # Create a registry with two replicas if it does not exist
  oadm registry --replicas=2
  # Use a different registry image
  oadm registry --images=myrepo/docker-registry:mytag
  # Enforce quota and limits on images
  oadm registry --enforce-quota

See Also



June 2016, Ported from the Kubernetes man-doc generator

Referenced By


Openshift CLI User Manuals June 2016