diff --git a/modules/registry-configuring-registry-storage-swift-trust.adoc b/modules/registry-configuring-registry-storage-swift-trust.adoc index d9fd2b74ba5f..211ba4f0067d 100644 --- a/modules/registry-configuring-registry-storage-swift-trust.adoc +++ b/modules/registry-configuring-registry-storage-swift-trust.adoc @@ -7,13 +7,14 @@ [id="registry-configuring-registry-storage-swift-trust_{context}"] = Configuring Image Registry Operator redirects +[role="_abstract"] By disabling redirects, you can configure the Image Registry Operator to control whether clients such as {product-title} cluster builds or external systems like developer machines are redirected to pull images directly from {rh-openstack-first} Swift storage. This configuration is optional and depends on whether the clients trust the storage's SSL/TLS certificates. [NOTE] ==== -In situations where clients to not trust the storage certificate, setting the `disableRedirect` option can be set to `true` proxies traffic through the image registry. Consequently, however, the image registry might require more resources, especially network bandwidth, to handle the increased load. +In situations where clients to not trust the storage certificate, setting the `disableRedirect` option can be set to `true` proxies traffic through the image registry. Consequently, however, the image registry might require more resources, especially network bandwidth, to handle the increased load. -Alternatively, if clients trust the storage certificate, the registry can allow redirects. This reduces resource demand on the registry itself. +Alternatively, if clients trust the storage certificate, the registry can allow redirects. This reduces resource demand on the registry itself. Some users might prefer to configure their clients to trust their self-signed certificate authorities (CAs) instead of disabling redirects. If you are using a self-signed CA, you must decide between trusting the custom CAs or disabling redirects. ==== 
diff --git a/modules/registry-configuring-storage-aws-user-infra.adoc b/modules/registry-configuring-storage-aws-user-infra.adoc index cf55dc3fd2e1..0bc761b8a465 100644 --- a/modules/registry-configuring-storage-aws-user-infra.adoc +++ b/modules/registry-configuring-storage-aws-user-infra.adoc @@ -8,12 +8,16 @@ [id="registry-configuring-storage-aws-user-infra_{context}"] = Configuring registry storage for AWS with user-provisioned infrastructure -During installation, your cloud credentials are sufficient to create an Amazon S3 bucket -and the Registry Operator will automatically configure storage. +[role="_abstract"] +During installation, your cloud credentials are sufficient to create an Amazon S3 bucket and the Registry Operator will automatically configure storage. -If the Registry Operator cannot create an S3 bucket and automatically configure -storage, you can create an S3 bucket and configure storage with the following -procedure. +If the Registry Operator cannot create an S3 bucket and automatically configure storage, you can create an S3 bucket and configure storage with the following procedure. + +[WARNING] +==== +To secure your registry images in AWS, link:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html[block public access] +to the S3 bucket. +==== .Prerequisites @@ -24,9 +28,6 @@ procedure. .Procedure -Use the following procedure if the Registry Operator cannot create an S3 bucket -and automatically configure storage. - . Set up a link:https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config[Bucket Lifecycle Policy] to abort incomplete multipart uploads that are one day old. 
@@ -41,14 +42,13 @@ $ oc edit configs.imageregistry.operator.openshift.io/cluster .Example configuration [source,yaml] ---- -storage: - s3: - bucket: - region: +apiVersion: imageregistry.operator.openshift.io/v1 +kind: Config +metadata: + name: cluster +spec: + storage: + s3: + bucket: + region: ---- - -[WARNING] -==== -To secure your registry images in AWS, link:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html[block public access] -to the S3 bucket. -==== diff --git a/modules/registry-configuring-storage-azure-gov-cloud.adoc b/modules/registry-configuring-storage-azure-gov-cloud.adoc index 26e955887f8b..1bcfb1b0a2ec 100644 --- a/modules/registry-configuring-storage-azure-gov-cloud.adoc +++ b/modules/registry-configuring-storage-azure-gov-cloud.adoc @@ -6,6 +6,7 @@ [id="registry-configuring-storage-azure-gov-cloud_{context}"] = Configuring registry storage for Azure Government +[role="_abstract"] During installation, your cloud credentials are sufficient to create Azure Blob Storage, and the Registry Operator automatically configures storage. diff --git a/modules/registry-configuring-storage-azure-user-infra.adoc b/modules/registry-configuring-storage-azure-user-infra.adoc index 01c55de7730c..6c713fd4b189 100644 --- a/modules/registry-configuring-storage-azure-user-infra.adoc +++ b/modules/registry-configuring-storage-azure-user-infra.adoc @@ -6,6 +6,7 @@ [id="registry-configuring-storage-azure-user-infra_{context}"] = Configuring registry storage for Azure +[role="_abstract"] During installation, your cloud credentials are sufficient to create Azure Blob Storage, and the Registry Operator automatically configures storage. 
@@ -31,8 +32,13 @@ $ oc edit configs.imageregistry.operator.openshift.io/cluster .Example configuration [source,yaml] ---- -storage: - azure: - accountName: - container: +apiVersion: imageregistry.operator.openshift.io/v1 +kind: Config +metadata: + name: cluster +spec: + storage: + azure: + accountName: + container: ---- diff --git a/modules/registry-configuring-storage-gcp-user-infra.adoc b/modules/registry-configuring-storage-gcp-user-infra.adoc index 4c45c0d2a13a..77b4ff99839b 100644 --- a/modules/registry-configuring-storage-gcp-user-infra.adoc +++ b/modules/registry-configuring-storage-gcp-user-infra.adoc @@ -6,6 +6,7 @@ [id="registry-configuring-storage-gcp-user-infra_{context}"] = Configuring the registry storage for {gcp-short} with user-provisioned infrastructure +[role="_abstract"] If the Registry Operator cannot create a {gcp-first} bucket, you must set up the storage medium manually and configure the settings in the registry custom resource (CR). .Prerequisites @@ -17,6 +18,11 @@ cloud credentials. contents of a credentials file provided by {gcp-short}: ** `REGISTRY_STORAGE_GCS_KEYFILE` +[WARNING] +==== +You can secure your registry images that use a {gcp-full} Storage bucket by setting link:https://cloud.google.com/storage/docs/using-public-access-prevention[public access prevention]. +==== + .Procedure . Set up an link:https://cloud.google.com/storage/docs/lifecycle[Object Lifecycle Management policy] to abort incomplete multipart uploads that are one day old. 
@@ -31,16 +37,14 @@ $ oc edit configs.imageregistry.operator.openshift.io/cluster .Example configuration [source,yaml] ---- -# ... -storage: - gcs: - bucket: - projectID: - region: -# ... +apiVersion: imageregistry.operator.openshift.io/v1 +kind: Config +metadata: + name: cluster +spec: + storage: + gcs: + bucket: + projectID: + region: ---- - -[WARNING] -==== -You can secure your registry images that use a {gcp-full} Storage bucket by setting link:https://cloud.google.com/storage/docs/using-public-access-prevention[public access prevention]. -==== diff --git a/modules/registry-configuring-storage-openstack-user-infra.adoc b/modules/registry-configuring-storage-openstack-user-infra.adoc index 4ddcbacb937f..c435418c820a 100644 --- a/modules/registry-configuring-storage-openstack-user-infra.adoc +++ b/modules/registry-configuring-storage-openstack-user-infra.adoc @@ -6,6 +6,7 @@ [id="registry-configuring-storage-openstack-user-infra_{context}"] = Registry storage for {rh-openstack} with user-provisioned infrastructure +[role="_abstract"] If the Registry Operator cannot create a Swift bucket, you must set up the storage medium manually and configure the settings in the registry custom resource (CR). .Prerequisites @@ -30,9 +31,12 @@ $ oc edit configs.imageregistry.operator.openshift.io/cluster .Example configuration [source,yaml] ---- -# ... -storage: - swift: - container: -# ... +apiVersion: imageregistry.operator.openshift.io/v1 +kind: Config +metadata: + name: cluster +spec: + storage: + swift: + container: ---- \ No newline at end of file diff --git a/modules/registry-operator-config-resources-secret-aws.adoc b/modules/registry-operator-config-resources-secret-aws.adoc index 0661ec5ba2ba..c37322b091c6 100644 --- a/modules/registry-operator-config-resources-secret-aws.adoc +++ b/modules/registry-operator-config-resources-secret-aws.adoc 
@@ -6,6 +6,8 @@ [id="registry-operator-config-resources-secret-aws_{context}"] = Configuring a secret for the Image Registry Operator + +[role="_abstract"] In addition to the `configs.imageregistry.operator.openshift.io` and ConfigMap resources, configuration is provided to the Operator by a separate secret resource located within the `openshift-image-registry` namespace. diff --git a/modules/registry-operator-config-resources-secret-azure.adoc b/modules/registry-operator-config-resources-secret-azure.adoc index f786fd0519e7..9e9a919d5e58 100644 --- a/modules/registry-operator-config-resources-secret-azure.adoc +++ b/modules/registry-operator-config-resources-secret-azure.adoc @@ -7,6 +7,7 @@ [id="registry-operator-config-resources-secret-azure_{context}"] = Configuring a secret for the Image Registry Operator +[role="_abstract"] In addition to the `configs.imageregistry.operator.openshift.io` and ConfigMap resources, configuration is provided to the Operator by a separate secret resource located within the `openshift-image-registry` namespace. diff --git a/modules/registry-operator-config-resources-secret-gcp.adoc b/modules/registry-operator-config-resources-secret-gcp.adoc index a74ab29e396f..d64cbbb9b5e5 100644 --- a/modules/registry-operator-config-resources-secret-gcp.adoc +++ b/modules/registry-operator-config-resources-secret-gcp.adoc @@ -6,6 +6,7 @@ [id="registry-operator-config-resources-secret-gcp_{context}"] = Configuring a secret for the Image Registry Operator +[role="_abstract"] In addition to the `configs.imageregistry.operator.openshift.io` and ConfigMap resources, configuration is provided to the Operator by a separate secret resource located within the `openshift-image-registry` namespace. diff --git a/modules/registry-operator-config-resources-secret-openstack.adoc b/modules/registry-operator-config-resources-secret-openstack.adoc index 916176c9965a..edf93cfc235c 100644 --- a/modules/registry-operator-config-resources-secret-openstack.adoc 
+++ b/modules/registry-operator-config-resources-secret-openstack.adoc @@ -6,6 +6,7 @@ [id="registry-operator-config-resources-secret-openstack_{context}"] = Configuring a secret for the Image Registry Operator +[role="_abstract"] In addition to the `configs.imageregistry.operator.openshift.io` and ConfigMap resources, configuration is provided to the Operator by a separate secret resource located within the `openshift-image-registry` namespace. diff --git a/modules/registry-operator-configuration-resource-overview-aws-s3.adoc b/modules/registry-operator-configuration-resource-overview-aws-s3.adoc index bde5cb02e1d9..a3a76e61e5b9 100644 --- a/modules/registry-operator-configuration-resource-overview-aws-s3.adoc +++ b/modules/registry-operator-configuration-resource-overview-aws-s3.adoc @@ -6,6 +6,7 @@ [id="registry-operator-configuration-resource-overview-aws-s3_{context}"] = Image Registry Operator configuration parameters for AWS S3 +[role="_abstract"] The following configuration parameters are available for AWS S3 registry storage. The image registry `spec.storage.s3` configuration parameter holds the information to configure the registry to use the AWS S3 service for back-end storage. See the link:https://docs.docker.com/registry/storage-drivers/s3/[S3 storage driver documentation] for more information. @@ -20,7 +21,7 @@ It is optional and is generated if not provided. |`chunkSizeMiB` |ChunkSizeMiB is the size of the multipart upload chunks of the S3 API. -The default is `10` MiB with a minimum of `5` MiB. +The default is `10` MiB with a minimum of `5` MiB. |`region` |Region is the AWS region in which your bucket exists. It is optional and is 
@@ -48,7 +49,7 @@ true, or this parameter is ignored. It is optional. |`trustedCA` -|The namespace for the config map referenced by `trustedCA` is `openshift-config`. The key for the bundle in the config map is `ca-bundle.crt`. It is optional. +|The namespace for the config map referenced by `trustedCA` is `openshift-config`. The key for the bundle in the config map is `ca-bundle.crt`. It is optional. |=== [NOTE] diff --git a/modules/registry-operator-configuration-resource-overview-gcp-gcs.adoc b/modules/registry-operator-configuration-resource-overview-gcp-gcs.adoc index d42943a8e849..afff743831c6 100644 --- a/modules/registry-operator-configuration-resource-overview-gcp-gcs.adoc +++ b/modules/registry-operator-configuration-resource-overview-gcp-gcs.adoc @@ -6,7 +6,8 @@ [id="registry-operator-configuration-resource-overview-gcp-gcs_{context}"] = Image Registry Operator configuration parameters for {gcp-short} GCS -The following configuration parameters are available for {gcp-short} GCS registry storage. +[role="_abstract"] +The following parameters configure are available to configure your {gcp-short} GCS registry storage. [cols="3a,8a",options="header"] |=== diff --git a/modules/registry-operator-configuration-resource-overview-openstack-swift.adoc b/modules/registry-operator-configuration-resource-overview-openstack-swift.adoc index d49b9db22718..6e6703767f9f 100644 --- a/modules/registry-operator-configuration-resource-overview-openstack-swift.adoc +++ b/modules/registry-operator-configuration-resource-overview-openstack-swift.adoc @@ -6,7 +6,8 @@ [id="registry-operator-configuration-resource-overview-openstack-swift_{context}"] = Image Registry Operator configuration parameters for {rh-openstack} Swift -The following configuration parameters are available for {rh-openstack-first} Swift +[role="_abstract"] +The following parameters are available for you to configure your {rh-openstack-first} Swift registry storage. [cols="3a,8a",options="header"] 
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc b/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc index 3b70476815cf..10dc6b44c4a5 100644 --- a/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc +++ b/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc @@ -1,12 +1,15 @@ :_mod-docs-content-type: ASSEMBLY [id="configuring-registry-storage-aws-user-infrastructure"] = Configuring the registry for AWS user-provisioned infrastructure + include::_attributes/common-attributes.adoc[] + :context: configuring-registry-storage-aws-user-infrastructure toc::[] -:FILE: REGISTRY_STORAGE_S3_ACCESSKEY= +[role="_abstract"] +Save your container images to a durable storage location by configuring the built-in image registry to use dedicated {gcp-short} storage. This setup provides persistent scalable storage for your registry, separate from ephemeral cluster storage. include::modules/registry-operator-config-resources-secret-aws.adoc[leveloffset=+1] diff --git a/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc b/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc index c7cef975cbbb..8bea7f8dec1d 100644 --- a/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc +++ b/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc 
@@ -1,11 +1,16 @@ :_mod-docs-content-type: ASSEMBLY [id="configuring-registry-storage-azure-user-infrastructure"] = Configuring the registry for Azure user-provisioned infrastructure + include::_attributes/common-attributes.adoc[] + :context: configuring-registry-storage-azure-user-infrastructure toc::[] +[role="_abstract"] +Save your container images to a durable storage location by configuring the built-in image registry to use dedicated Azure storage. This setup provides persistent scalable storage for your registry, separate from ephemeral cluster storage. + include::modules/registry-operator-config-resources-secret-azure.adoc[leveloffset=+1] diff --git a/registry/configuring_registry_storage/configuring-registry-storage-gcp-user-infrastructure.adoc b/registry/configuring_registry_storage/configuring-registry-storage-gcp-user-infrastructure.adoc index 80ccd3b14516..55b3ae921c1d 100644 --- a/registry/configuring_registry_storage/configuring-registry-storage-gcp-user-infrastructure.adoc +++ b/registry/configuring_registry_storage/configuring-registry-storage-gcp-user-infrastructure.adoc @@ -6,7 +6,8 @@ include::_attributes/common-attributes.adoc[] toc::[] -:FILE: gcp= +[role="_abstract"] +Save your container images to a durable storage location by configuring the built-in image registry to use dedicated {gcp-short} storage. This setup provides persistent scalable storage for your registry, separate from ephemeral cluster storage. include::modules/registry-operator-config-resources-secret-gcp.adoc[leveloffset=+1] diff --git a/registry/configuring_registry_storage/configuring-registry-storage-openstack-user-infrastructure.adoc b/registry/configuring_registry_storage/configuring-registry-storage-openstack-user-infrastructure.adoc index 127e1f4fb8c5..b5a49a5233ee 100644 --- a/registry/configuring_registry_storage/configuring-registry-storage-openstack-user-infrastructure.adoc 
+++ b/registry/configuring_registry_storage/configuring-registry-storage-openstack-user-infrastructure.adoc @@ -1,11 +1,14 @@ :_mod-docs-content-type: ASSEMBLY [id="configuring-registry-storage-openstack-user-infrastructure"] = Configuring the registry for OpenStack user-provisioned infrastructure + include::_attributes/common-attributes.adoc[] + :context: configuring-registry-storage-openstack-user-infrastructure toc::[] +[role="_abstract"] You can configure the registry of a cluster that runs on your own {rh-openstack-first} infrastructure. include::modules/registry-configuring-registry-storage-swift-trust.adoc[leveloffset=+1]
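Review bot: In modules/registry-configuring-registry-storage-swift-trust.adoc, the first sentence of the NOTE is re-added with only a whitespace change and still reads "clients to not trust the storage certificate, setting the `disableRedirect` option can be set to `true` proxies traffic". Since the line is already being touched, fix the wording here, for example: "If clients do not trust the storage certificate, setting the `disableRedirect` option to `true` proxies traffic through the image registry." The new abstract paragraph also opens with "By disabling redirects" although the text goes on to describe both choices (disable redirects or trust the storage CA), so consider leading with what the setting controls.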
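Review bot: In the first hunk of modules/registry-configuring-storage-aws-user-infra.adoc, the relocated WARNING links "block public access" to the CloudFormation property reference (aws-properties-s3-bucket-publicaccessblockconfiguration.html), but this module has the user create the S3 bucket manually. Link to the Amazon S3 documentation on blocking public access instead, or state which setting must be enabled, so that the one security control on this page is actionable. The abstract also keeps "will automatically configure storage", where the Azure modules in this patch use the present tense "automatically configures storage".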
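Review bot: In the first hunk of modules/registry-configuring-storage-gcp-user-infra.adoc, the WARNING is inserted after the `REGISTRY_STORAGE_GCS_KEYFILE` list item, inside the .Prerequisites block, whereas the AWS module in this same patch places its WARNING before .Prerequisites. Move it above .Prerequisites so it does not render as part of the prerequisite list and the two modules stay consistent. The text "You can secure your registry images ..." also reads as optional for a WARNING; the AWS wording "To secure your registry images ..., block public access" is more direct.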
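Review bot: In the example configuration hunk of modules/registry-configuring-storage-openstack-user-infra.adoc, the closing `----` is followed by "\ No newline at end of file". Add a trailing newline so that the listing block is terminated cleanly when this module is pulled in through include:: and so later diffs do not show a spurious change on that line.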
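Review bot: In modules/registry-operator-configuration-resource-overview-gcp-gcs.adoc, the new abstract sentence is garbled: "The following parameters configure are available to configure your {gcp-short} GCS registry storage." Drop the stray "configure", for example: "The following parameters are available to configure your {gcp-short} GCS registry storage." It would also help to align the wording with the Swift module ("are available for you to configure") and the S3 module ("The following configuration parameters are available for"), which now all phrase the same statement differently.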
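Review bot: In registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc, the added abstract says "dedicated {gcp-short} storage", which looks copied from the GCP assembly; on the AWS page it should name Amazon S3 (the Azure assembly correctly says "dedicated Azure storage"). The same hunk removes the `:FILE: REGISTRY_STORAGE_S3_ACCESSKEY=` attribute, and the GCP assembly removes `:FILE: gcp=`; please confirm that none of the included modules still reference {FILE} before dropping them.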