Using Multicloud Object Gateway as OpenShift Image Registry backend storage

Use this section to use Multicloud Object Gateway (MCG) as OpenShift Container Platform (OCP) Image Registry backend storage in an on-prem OpenShift deployment.

About this task

You can use Multicloud Object Gateway (MCG) as OpenShift Container Platform (OCP) Image Registry backend storage in an on-prem OpenShift deployment.

Before you begin

Be sure that you have the following:
  • Administrative access to the OpenShift Web Console.
  • A running Fusion Data Foundation cluster with MCG.

Procedure

  1. Create ObjectBucketClaim by following the steps in Dynamic Object Bucket Claim.
  2. Create an image-registry-private-configuration-user secret.
    1. Go to the OpenShift web-console.
    2. Click ObjectBucketClaim → ObjectBucketClaim Data.
    3. In the ObjectBucketClaim data, look for MCG access key and MCG secret key in the openshift-image-registry namespace.
    4. Create the secret using the following command:
      $ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY=<MCG Accesskey> --from-literal=REGISTRY_STORAGE_S3_SECRETKEY=<MCG Secretkey> --namespace openshift-image-registry
  3. Change the status of managementState of Image Registry Operator to Managed.
    $ oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{"spec": {"managementState": "Managed"}}'
  4. Edit the spec.storage section of Image Registry Operator configuration file:
    1. Get the unique-bucket-name and regionEndpoint from the Object Bucket Claim Data section of the Web Console. Alternatively, get both values from the output of the following command:
      $ oc describe noobaa
    2. Add regionEndpoint as http://<Endpoint-name>:<port> if the
      • storageclass is ceph-rgw storageclass and the
      • endpoint points to the internal SVC from the openshift-storage namespace.
    3. An image-registry pod spawns after you make the changes to the Operator registry configuration file.
    $ oc edit configs.imageregistry.operator.openshift.io -n openshift-image-registry

    apiVersion: imageregistry.operator.openshift.io/v1
    kind: Config
    metadata:
      [..]
      name: cluster
    spec:
      [..]
      storage:
        s3:
          bucket: <Unique-bucket-name>
          region: us-east-1    # Use this region as default
          regionEndpoint: https://<Endpoint-name>:<port>
          virtualHostedStyle: false
  5. Reset the image registry settings to default.
    $ oc get pods -n openshift-image-registry
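Steps 2 to 4 can also be scripted so that the MCG keys are read from the cluster instead of being typed or pasted by hand. This is an added example, not part of the product documentation; it assumes the ObjectBucketClaim from step 1 was created in openshift-image-registry, that `OBC_NAME` (a placeholder) is its name, and that the claim's generated Secret and ConfigMap carry the keys AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, BUCKET_NAME, BUCKET_HOST and BUCKET_PORT.

```shell
#!/bin/sh
# Added example (not from the product documentation): procedure steps 2-4.
# Assumption: OBC_NAME is the claim from step 1, created in $NS; its generated
# Secret and ConfigMap carry the same name as the claim.
NS=openshift-image-registry
OBC_NAME="${OBC_NAME:-<obc-name>}"   # placeholder, set to your claim name
CFG=configs.imageregistry.operator.openshift.io/cluster

# Build the spec.storage.s3 merge patch. Args: bucket host port [scheme].
build_storage_patch() {
  bucket=$1 host=$2 port=$3 scheme=${4:-https}
  case "$scheme" in
    http|https) ;;
    *) echo "unsupported scheme: $scheme" >&2; return 1 ;;
  esac
  if [ -z "$bucket" ] || [ -z "$host" ] || [ -z "$port" ]; then
    echo "bucket, host and port are required" >&2; return 1
  fi
  printf '{"spec":{"storage":{"s3":{"bucket":"%s","region":"us-east-1",' "$bucket"
  printf '"regionEndpoint":"%s://%s:%s","virtualHostedStyle":false}}}}' \
    "$scheme" "$host" "$port"
}

# Read one data key from the OBC-generated Secret or ConfigMap.
obc_field() { oc get "$1" "$OBC_NAME" -n "$NS" -o "jsonpath={.data.$2}"; }

apply_registry_storage() {
  access=$(obc_field secret AWS_ACCESS_KEY_ID | base64 -d) || return 1
  secret=$(obc_field secret AWS_SECRET_ACCESS_KEY | base64 -d) || return 1
  # An empty value means the lookup failed; do not create an empty secret.
  if [ -z "$access" ] || [ -z "$secret" ]; then return 1; fi
  bucket=$(obc_field configmap BUCKET_NAME) || return 1
  host=$(obc_field configmap BUCKET_HOST) || return 1
  port=$(obc_field configmap BUCKET_PORT) || return 1
  patch=$(build_storage_patch "$bucket" "$host" "$port" "${SCHEME:-https}") || return 1
  oc create secret generic image-registry-private-configuration-user \
    --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY="$access" \
    --from-literal=REGISTRY_STORAGE_S3_SECRETKEY="$secret" \
    --namespace "$NS" || return 1
  oc patch "$CFG" --type merge -p '{"spec": {"managementState": "Managed"}}' || return 1
  oc patch "$CFG" --type merge -p "$patch"
}

# Talks to the cluster only when invoked as: sh script.sh apply
if [ "${1:-}" = "apply" ]; then apply_registry_storage; fi
```

Set `SCHEME=http` only for the ceph-rgw internal service case described in step 4.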

What to do next

  • Run the following command to check if you have configured the MCG as OpenShift Image Registry backend storage successfully.

    $ oc get pods -n openshift-image-registry
    
    NAME                                               READY   STATUS      RESTARTS   AGE
    cluster-image-registry-operator-56d78bc5fb-bxcgv   2/2     Running     0          44d
    image-pruner-1605830400-29r7k                      0/1     Completed   0          10h
    image-registry-b6c8f4596-ln88h                     1/1     Running     0          17d
    node-ca-2nxvz                                      1/1     Running     0          44d
    node-ca-dtwjd                                      1/1     Running     0          44d
    node-ca-h92rj                                      1/1     Running     0          44d
    node-ca-k9bkd                                      1/1     Running     0          44d
    node-ca-stkzc                                      1/1     Running     0          44d
    node-ca-xn8h4                                      1/1     Running     0          44d
  • (Optional) You can also run the following command to verify that you have configured the MCG as OpenShift Image Registry backend storage successfully.

    $ oc describe pod image-registry-b6c8f4596-ln88h
    
    Environment:
          REGISTRY_STORAGE_S3_REGIONENDPOINT:      http://s3.openshift-storage.svc
          REGISTRY_STORAGE:                        s3
          REGISTRY_STORAGE_S3_BUCKET:              bucket-registry-mcg
          REGISTRY_STORAGE_S3_REGION:              us-east-1
          REGISTRY_STORAGE_S3_ENCRYPT:             true
          REGISTRY_STORAGE_S3_VIRTUALHOSTEDSTYLE:  false
          REGISTRY_STORAGE_S3_USEDUALSTACK:        true
          REGISTRY_STORAGE_S3_ACCESSKEY:           <set to the key 'REGISTRY_STORAGE_S3_ACCESSKEY' in secret 'image-registry-private-configuration'> Optional: false
          REGISTRY_STORAGE_S3_SECRETKEY:           <set to the key 'REGISTRY_STORAGE_S3_SECRETKEY' in secret 'image-registry-private-configuration'> Optional: false
          REGISTRY_HTTP_ADDR:                      :5000
          REGISTRY_HTTP_NET:                       tcp
          REGISTRY_HTTP_SECRET:                    57b943f691c878e342bac34e657b702bd6ca5488d51f839fecafa918a79a5fc6ed70184cab047601403c1f383e54d458744062dcaaa483816d82408bb56e686f
          REGISTRY_LOG_LEVEL:                      info
          REGISTRY_OPENSHIFT_QUOTA_ENABLED:        true
          REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR:   inmemory
          REGISTRY_STORAGE_DELETE_ENABLED:         true
          REGISTRY_OPENSHIFT_METRICS_ENABLED:      true
          REGISTRY_OPENSHIFT_SERVER_ADDR:          image-registry.openshift-image-registry.svc:5000
          REGISTRY_HTTP_TLS_CERTIFICATE:           /etc/secrets/tls.crt
          REGISTRY_HTTP_TLS_KEY:                   /etc/secrets/tls.key
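
The Environment section above can be checked mechanically rather than by eye. The following is an added example, not part of the product documentation: `check_registry_env` is a hypothetical helper that reads `oc describe pod` output on stdin and confirms the S3 driver, the expected bucket, and that both keys are secret references rather than inline values; the sample input is abridged from the output shown on this page.

```shell
#!/bin/sh
# Added example: sanity-check the Environment section of `oc describe pod`.

# Sample input, abridged from the output shown on this page.
sample_env() {
  cat <<'EOF'
    Environment:
      REGISTRY_STORAGE_S3_REGIONENDPOINT:      http://s3.openshift-storage.svc
      REGISTRY_STORAGE:                        s3
      REGISTRY_STORAGE_S3_BUCKET:              bucket-registry-mcg
      REGISTRY_STORAGE_S3_ACCESSKEY:           <set to the key 'REGISTRY_STORAGE_S3_ACCESSKEY' in secret 'image-registry-private-configuration'> Optional: false
      REGISTRY_STORAGE_S3_SECRETKEY:           <set to the key 'REGISTRY_STORAGE_S3_SECRETKEY' in secret 'image-registry-private-configuration'> Optional: false
      REGISTRY_HTTP_ADDR:                      :5000
EOF
}

# stdin: `oc describe pod` output; $1: expected bucket name.
# Prints FAIL/WARN/OK lines and returns non-zero if any check fails.
check_registry_env() {
  awk -v want="$1" '
    /^[ \t]*REGISTRY_[A-Z0-9_]+:/ {
      key = $1; sub(/:$/, "", key)
      val = $0; sub(/^[ \t]*[A-Z0-9_]+:[ \t]*/, "", val)
      env[key] = val
    }
    END {
      bad = 0
      if (env["REGISTRY_STORAGE"] != "s3") { print "FAIL storage driver is not s3"; bad = 1 }
      if (env["REGISTRY_STORAGE_S3_BUCKET"] != want) {
        print "FAIL bucket is " env["REGISTRY_STORAGE_S3_BUCKET"]; bad = 1
      }
      n = split("REGISTRY_STORAGE_S3_ACCESSKEY REGISTRY_STORAGE_S3_SECRETKEY", k, " ")
      for (i = 1; i <= n; i++)
        if (env[k[i]] !~ /^<set to the key .* in secret /) {
          print "FAIL " k[i] " is not a secret reference"; bad = 1
        }
      # Informational: the endpoint carries registry blobs and S3 credentials.
      if (env["REGISTRY_STORAGE_S3_REGIONENDPOINT"] ~ /^http:/)
        print "WARN regionEndpoint is plaintext http"
      if (!bad) print "OK"
      exit bad
    }'
}

# Live use: oc describe pod <pod-name> -n openshift-image-registry | check_registry_env <bucket>
```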