oc-adm-registry - Man Page

Install the integrated Docker registry


oc adm registry [Options]


Install or configure an integrated Docker registry

This command sets up a Docker registry integrated with your cluster to provide notifications when images are pushed. With no arguments, the command will check for the existing registry service called 'docker-registry' and try to create it. If you want to test whether the registry has been created add the --dry-run flag and the command will exit with 1 if the registry does not exist.

To run a highly available registry, you should be using a remote storage mechanism like an object store (several are supported by the Docker registry). The default Docker registry image is configured to accept configuration as environment variables - refer to the configuration file in that image for more on setting up alternative storage. Once you've made those changes, you can pass --replicas=2 or higher to ensure you have failover protection. The default registry setup uses a local volume and the data will be lost if you delete the running pod.

If multiple ports are specified using the option --ports, the first specified port will be chosen for use as the REGISTRY HTTP ADDR and will be passed to Docker registry.

NOTE: This command is intended to simplify the tasks of setting up a Docker registry in a new installation. Some configuration beyond this command is still required to make your registry persist data.



Specify the ClusterIP value for the docker-registry service


deprecated; this is now the default behavior


If true, use a daemonset instead of a deployment config.


If true, show the result of the operation without performing it.


If true, the registry will refuse to write blobs if they exceed quota limits


Specify fsGroup which is an ID that grants group access to registry block storage


The image to base this registry on - ${component} will be replaced with --type


A set of labels to uniquely identify the registry and its components.


If true, attempt to use the latest image for the registry instead of the latest release.


If true, do not contact the apiserver


If set, the registry volume will be created as a host-mount at this path.

-o,  --output=""

Output results as yaml or json instead of executing, or use name for succint output (resource/name).


The preferred API versions of the output objects


A comma delimited list of ports or port pairs to expose on the registry pod. The default is set for 5000.


The replication factor of the registry; commonly 2 when high availability is desired.


Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes.


Name of the service account to use to run the registry pod.

-a,  --show-all=true

When printing, show all resources (false means hide terminated pods.)


When printing, show all labels as the last column (default hide labels column)


If non-empty, sort list types using this field specification.  The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.


Specify supplemental groups which is an array of ID's that grants group access to registry shared storage


Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].


An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS


An optional path to a PEM encoded private key for serving over TLS


The registry image to use - if you specify --images this flag may be ignored.


The volume path to use for registry storage; defaults to /registry which is the default for origin-docker-registry.

Options Inherited from Parent Commands


Allow a SignatureVerifier to use keys which are technically non-compliant with RFC6962.


log to standard error as well as files


Max number of application metrics to store (per container)


Username to impersonate for the operation


Group to impersonate for the operation, this flag can be repeated to specify multiple groups.


Path to the file containing Azure container registry configuration information.


Comma-separated list of files to check for boot-id. Use the first one that exists.


Default HTTP cache directory


Path to a cert file for the certificate authority


Path to a client certificate file for TLS


Path to a client key file for TLS


CIDRs opened in GCE firewall for LB traffic proxy health checks


The name of the kubeconfig cluster to use


location of the container hints file


containerd endpoint


The name of the kubeconfig context to use


Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.


Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.


docker endpoint


use TLS to connect to docker


path to trusted CA


path to client certificate


path to private key


a comma-separated list of environment variable keys that needs to be collected for docker containers


Only report docker containers in addition to root stats


DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker)


Whether to enable cpu load reader


Max length of time for which to store events (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is a duration. Default is applied to all non-specified event types


Max number of events to store (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is an integer. Default is applied to all non-specified event types


Interval between global housekeepings


Interval between container housekeepings


If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure


Path to the kubeconfig file to use for CLI requests.


Maximum number of seconds between log flushes


when logging hits line file:N, emit a stack trace


Whether to log the usage of the cAdvisor container


If non-empty, write log files in this directory


log to standard error instead of files


Comma-separated list of files to check for machine-id. Use the first one that exists.


Require server version to match client version

-n,  --namespace=""

If present, the namespace scope for this CLI request


The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

-s,  --server=""

The address and port of the Kubernetes API server


logs at or above this threshold go to stderr


Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction


database name


database host:port


database password


use secure connection with database


table name


database username


Bearer token for authentication to the API server


The name of the kubeconfig user to use

-v,  --v=0

log level for V logs


Print version information and quit


comma-separated list of pattern=N settings for file-filtered logging


  # Check if default Docker registry ("docker-registry") has been created
  oc adm registry --dry-run
  # See what the registry will look like if created
  oc adm registry -o yaml
  # Create a registry with two replicas if it does not exist
  oc adm registry --replicas=2
  # Use a different registry image
  oc adm registry --images=myrepo/docker-registry:mytag
  # Enforce quota and limits on images
  oc adm registry --enforce-quota

See Also



June 2016, Ported from the Kubernetes man-doc generator

Referenced By


Openshift CLI User Manuals June 2016