In OCP4.3 and up, the installer detects if the environment is baremetal - and in such a case disables the registry. This will happen in all our libvirt environments as well. You will see errors such as this:
bc/ruby-hello-world is pushing to istag/ruby-hello-world:latest, but the administrator has not configured the integrated container image registry.
Here are the steps I took to get my registry working:
- Created an NFS share on the host:
mkdir /mnt/export_dir
chown nobody:nobody /mnt/export_dir
chmod 700 /mnt/export_dir
- In /etc/exports.d/export_dir.exports:
/mnt/export_dir *(rw,async,all_squash,no_wdelay,insecure,fsid=0)
- Run th exportfs command on the host, and if needed also start the nfs service:
exportfs -a
systemctl enable --now nfs-server
- Create a PV using NFS, with 100GiB at least:
vi nfs-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: titan40data
spec:
capacity:
storage: 100Gi
accessModes:
- ReadWriteMany
nfs:
path: /mnt/export_dir
server: titan40.lab.eng.tlv2.redhat.com
persistentVolumeReclaimPolicy: Recycle
oc create -f nfs-pv.yaml
oc get pv
- Change the registry configuration, and set managementState and the storage as in the below. Leave the claim field blank so that a PVC will be created automatically:
oc edit configs.imageregistry.operator.openshift.io
spec:
managementState: Managed
storage:
pvc:
claim:
- Look at the ConfigMaps in the openshift-image-registry namespace, and add the certificate from the "serviceca" configmap to the list of certificates in the "trusted-ca" configmap
oc edit configmaps -n openshift-image-registry