oc-adm-registry man page

oc adm registry [Options]

Install or configure an integrated Docker registry

This command sets up a Docker registry integrated with your cluster to provide notifications when images are pushed. With no arguments, the command will check for the existing registry service called 'docker-registry' and try to create it. If you want to test whether the registry has been created add the --dry-run flag and the command will exit with 1 if the registry does not exist.

To run a highly available registry, you should be using a remote storage mechanism like an object store (several are supported by the Docker registry). The default Docker registry image is configured to accept configuration as environment variables - refer to the configuration file in that image for more on setting up alternative storage. Once you've made those changes, you can pass --replicas=2 or higher to ensure you have failover protection. The default registry setup uses a local volume and the data will be lost if you delete the running pod.

If multiple ports are specified using the option --ports, the first specified port will be chosen for use as the REGISTRY HTTP ADDR and will be passed to Docker registry.

NOTE: This command is intended to simplify the tasks of setting up a Docker registry in a new installation. Some configuration beyond this command is still required to make your registry persist data.

--create=false

deprecated; this is now the default behavior

--daemonset=false

If true, use a daemonset instead of a deployment config.

--dry-run=false

If true, show the result of the operation without performing it.

--enforce-quota=false

If true, the registry will refuse to write blobs if they exceed quota limits

--fs-group=""

Specify fsGroup which is an ID that grants group access to registry block storage

--images="openshift/origin-${component}:${version}"

The image to base this registry on - ${component} will be replaced with --type

--labels="docker-registry=default"

A set of labels to uniquely identify the registry and its components.

--latest-images=false

If true, attempt to use the latest image for the registry instead of the latest release.

--mount-host=""

If set, the registry volume will be created as a host-mount at this path.

-o, --output=""

Output results as yaml or json instead of executing, or use name for succint output (resource/name).

--output-version=""

The preferred API versions of the output objects

--ports="5000"

A comma delimited list of ports or port pairs to expose on the registry pod. The default is set for 5000.

--replicas=1

The replication factor of the registry; commonly 2 when high availability is desired.

--selector=""

Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes.

--service-account="registry"

Name of the service account to use to run the registry pod.

--supplemental-groups=[]

Specify supplemental groups which is an array of ID's that grants group access to registry shared storage

--tls-certificate=""

An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS

--tls-key=""

An optional path to a PEM encoded private key for serving over TLS

--type="docker-registry"

The registry image to use - if you specify --images this flag may be ignored.

--volume="/registry"

The volume path to use for registry storage; defaults to /registry which is the default for origin-docker-registry.

--api-version=""

DEPRECATED: The API version to use when talking to the server

--as=""

Username to impersonate for the operation

--azure-container-registry-config=""

Path to the file container Azure container registry configuration information.

--certificate-authority=""

Path to a cert. file for the certificate authority

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cluster=""

The name of the kubeconfig cluster to use

--config=""

Path to the config file to use for CLI requests.

--context=""

The name of the kubeconfig context to use

--google-json-key=""

The Google Cloud Platform Service Account JSON Key to use for authentication.

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

--log-flush-frequency=0

Maximum number of seconds between log flushes

--match-server-version=false

Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

--server=""

The address and port of the Kubernetes API server

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

  # Check if default Docker registry ("docker-registry") has been created
  oc adm registry --dry-run
  
  # See what the registry will look like if created
  oc adm registry -o yaml
  
  # Create a registry with two replicas if it does not exist
  oc adm registry --replicas=2
  
  # Use a different registry image
  oc adm registry --images=myrepo/docker-registry:mytag
  
  # Enforce quota and limits on images
  oc adm registry --enforce-quota

oc-adm(1),

June 2016, Ported from the Kubernetes man-doc generator

oc-adm(1).