oc-adm-registry - Man Page

oc adm registry [Options]

Install or configure an integrated Docker registry

This command sets up a Docker registry integrated with your cluster to provide notifications when images are pushed. With no arguments, the command will check for the existing registry service called 'docker-registry' and try to create it. If you want to test whether the registry has been created add the --dry-run flag and the command will exit with 1 if the registry does not exist.

To run a highly available registry, you should be using a remote storage mechanism like an object store (several are supported by the Docker registry). The default Docker registry image is configured to accept configuration as environment variables - refer to the configuration file in that image for more on setting up alternative storage. Once you've made those changes, you can pass --replicas=2 or higher to ensure you have failover protection. The default registry setup uses a local volume and the data will be lost if you delete the running pod.

If multiple ports are specified using the option --ports, the first specified port will be chosen for use as the REGISTRY HTTP ADDR and will be passed to Docker registry.

NOTE: This command is intended to simplify the tasks of setting up a Docker registry in a new installation. Some configuration beyond this command is still required to make your registry persist data.

--cluster-ip=""

Specify the ClusterIP value for the docker-registry service

--create=false

deprecated; this is now the default behavior

--daemonset=false

If true, use a daemonset instead of a deployment config.

--dry-run=false

If true, show the result of the operation without performing it.

--enforce-quota=false

If true, the registry will refuse to write blobs if they exceed quota limits

--fs-group=""

Specify fsGroup which is an ID that grants group access to registry block storage

--images="openshift/origin-${component}:${version}"

The image to base this registry on - ${component} will be replaced with --type

--labels="docker-registry=default"

A set of labels to uniquely identify the registry and its components.

--latest-images=false

If true, attempt to use the latest image for the registry instead of the latest release.

--local=false

If true, do not contact the apiserver

--mount-host=""

If set, the registry volume will be created as a host-mount at this path.

-o,  --output=""

Output results as yaml or json instead of executing, or use name for succint output (resource/name).

--output-version=""

The preferred API versions of the output objects

--ports="5000"

A comma delimited list of ports or port pairs to expose on the registry pod. The default is set for 5000.

--replicas=1

The replication factor of the registry; commonly 2 when high availability is desired.

--selector=""

Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes.

--service-account="registry"

Name of the service account to use to run the registry pod.

-a,  --show-all=true

When printing, show all resources (false means hide terminated pods.)

--show-labels=false

When printing, show all labels as the last column (default hide labels column)

--sort-by=""

If non-empty, sort list types using this field specification.  The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.

--supplemental-groups=[]

Specify supplemental groups which is an array of ID's that grants group access to registry shared storage

--template=""

Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].

--tls-certificate=""

An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS

--tls-key=""

An optional path to a PEM encoded private key for serving over TLS

--type="docker-registry"

The registry image to use - if you specify --images this flag may be ignored.

--volume="/registry"

The volume path to use for registry storage; defaults to /registry which is the default for origin-docker-registry.

--allow_verification_with_non_compliant_keys=false

Allow a SignatureVerifier to use keys which are technically non-compliant with RFC6962.

--alsologtostderr=false

log to standard error as well as files

--application_metrics_count_limit=100

Max number of application metrics to store (per container)

--as=""

Username to impersonate for the operation

--as-group=[]

Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

--azure-container-registry-config=""

Path to the file containing Azure container registry configuration information.

--boot_id_file="/proc/sys/kernel/random/boot_id"

Comma-separated list of files to check for boot-id. Use the first one that exists.

--cache-dir="/builddir/.kube/http-cache"

Default HTTP cache directory

--certificate-authority=""

Path to a cert file for the certificate authority

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

CIDRs opened in GCE firewall for LB traffic proxy health checks

--cluster=""

The name of the kubeconfig cluster to use

--container_hints="/etc/cadvisor/container_hints.json"

location of the container hints file

--containerd="unix:///var/run/containerd.sock"

containerd endpoint

--context=""

The name of the kubeconfig context to use

--default-not-ready-toleration-seconds=300

Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

--default-unreachable-toleration-seconds=300

Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

--docker="unix:///var/run/docker.sock"

docker endpoint

--docker-tls=false

use TLS to connect to docker

--docker-tls-ca="ca.pem"

path to trusted CA

--docker-tls-cert="cert.pem"

path to client certificate

--docker-tls-key="key.pem"

path to private key

--docker_env_metadata_whitelist=""

a comma-separated list of environment variable keys that needs to be collected for docker containers

--docker_only=false

Only report docker containers in addition to root stats

--docker_root="/var/lib/docker"

DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker)

--enable_load_reader=false

Whether to enable cpu load reader

--event_storage_age_limit="default=24h"

Max length of time for which to store events (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is a duration. Default is applied to all non-specified event types

--event_storage_event_limit="default=100000"

Max number of events to store (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is an integer. Default is applied to all non-specified event types

--global_housekeeping_interval=0

Interval between global housekeepings

--housekeeping_interval=0

Interval between container housekeepings

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

--kubeconfig=""

Path to the kubeconfig file to use for CLI requests.

--log-flush-frequency=0

Maximum number of seconds between log flushes

--log_backtrace_at=:0

when logging hits line file:N, emit a stack trace

--log_cadvisor_usage=false

Whether to log the usage of the cAdvisor container

--log_dir=""

If non-empty, write log files in this directory

--logtostderr=true

log to standard error instead of files

--machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"

Comma-separated list of files to check for machine-id. Use the first one that exists.

--match-server-version=false

Require server version to match client version

-n,  --namespace=""

If present, the namespace scope for this CLI request

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

-s,  --server=""

The address and port of the Kubernetes API server

--stderrthreshold=2

logs at or above this threshold go to stderr

--storage_driver_buffer_duration=0

Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

--storage_driver_db="cadvisor"

database name

--storage_driver_host="localhost:8086"

database host:port

--storage_driver_password="root"

database password

--storage_driver_secure=false

use secure connection with database

--storage_driver_table="stats"

table name

--storage_driver_user="root"

database username

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

-v,  --v=0

log level for V logs

--version=false

Print version information and quit

--vmodule=

comma-separated list of pattern=N settings for file-filtered logging

  # Check if default Docker registry ("docker-registry") has been created
  oc adm registry --dry-run
  
  # See what the registry will look like if created
  oc adm registry -o yaml
  
  # Create a registry with two replicas if it does not exist
  oc adm registry --replicas=2
  
  # Use a different registry image
  oc adm registry --images=myrepo/docker-registry:mytag
  
  # Enforce quota and limits on images
  oc adm registry --enforce-quota

oc-adm(1),

June 2016, Ported from the Kubernetes man-doc generator

oc-adm(1).