oc-adm-registry man page
oc adm registry — Install the integrated Docker registry
Synopsis
oc adm registry [Options]
Description
Install or configure an integrated Docker registry
This command sets up a Docker registry integrated with your cluster to provide notifications when images are pushed. With no arguments, the command will check for the existing registry service called 'docker-registry' and try to create it. If you want to test whether the registry has been created add the --dry-run flag and the command will exit with 1 if the registry does not exist.
To run a highly available registry, you should be using a remote storage mechanism like an object store (several are supported by the Docker registry). The default Docker registry image is configured to accept configuration as environment variables - refer to the configuration file in that image for more on setting up alternative storage. Once you've made those changes, you can pass --replicas=2 or higher to ensure you have failover protection. The default registry setup uses a local volume and the data will be lost if you delete the running pod.
If multiple ports are specified using the option --ports, the first specified port will be chosen for use as the REGISTRY HTTP ADDR and will be passed to Docker registry.
NOTE: This command is intended to simplify the tasks of setting up a Docker registry in a new installation. Some configuration beyond this command is still required to make your registry persist data.
Options
- --create=false
deprecated; this is now the default behavior
- --daemonset=false
If true, use a daemonset instead of a deployment config.
- --dry-run=false
If true, show the result of the operation without performing it.
- --enforce-quota=false
If true, the registry will refuse to write blobs if they exceed quota limits
- --images="openshift/origin-${component}:${version}"
The image to base this registry on - ${component} will be replaced with --type
- --labels="docker-registry=default"
A set of labels to uniquely identify the registry and its components.
- --latest-images=false
If true, attempt to use the latest image for the registry instead of the latest release.
- --mount-host=""
If set, the registry volume will be created as a host-mount at this path.
- -o, --output=""
Output results as yaml or json instead of executing, or use name for succint output (resource/name).
- --output-version=""
The preferred API versions of the output objects
- --ports="5000"
A comma delimited list of ports or port pairs to expose on the registry pod. The default is set for 5000.
- --replicas=1
The replication factor of the registry; commonly 2 when high availability is desired.
- --selector=""
Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes.
- --service-account="registry"
Name of the service account to use to run the registry pod.
- --tls-certificate=""
An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS
- --tls-key=""
An optional path to a PEM encoded private key for serving over TLS
- --type="docker-registry"
The registry image to use - if you specify --images this flag may be ignored.
- --volume="/registry"
The volume path to use for registry storage; defaults to /registry which is the default for origin-docker-registry.
Options Inherited from Parent Commands
- --api-version=""
DEPRECATED: The API version to use when talking to the server
- --as=""
Username to impersonate for the operation
- --azure-container-registry-config=""
Path to the file container Azure container registry configuration information.
- --certificate-authority=""
Path to a cert. file for the certificate authority
- --client-certificate=""
Path to a client certificate file for TLS
- --client-key=""
Path to a client key file for TLS
- --cluster=""
The name of the kubeconfig cluster to use
- --config=""
Path to the config file to use for CLI requests.
- --context=""
The name of the kubeconfig context to use
- --google-json-key=""
The Google Cloud Platform Service Account JSON Key to use for authentication.
- --insecure-skip-tls-verify=false
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
- --log-flush-frequency=0
Maximum number of seconds between log flushes
- --match-server-version=false
Require server version to match client version
- -n, --namespace=""
If present, the namespace scope for this CLI request
- --request-timeout="0"
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
- --server=""
The address and port of the Kubernetes API server
- --token=""
Bearer token for authentication to the API server
- --user=""
The name of the kubeconfig user to use
Example
# Check if default Docker registry ("docker-registry") has been created
oc adm registry --dry-run
# See what the registry will look like if created
oc adm registry -o yaml
# Create a registry with two replicas if it does not exist
oc adm registry --replicas=2
# Use a different registry image
oc adm registry --images=myrepo/docker-registry:mytag
# Enforce quota and limits on images
oc adm registry --enforce-quotaSee Also
History
June 2016, Ported from the Kubernetes man-doc generator