Issue 27612, updated registry path #30805
Conversation
ahardin-rh
added
branch/enterprise-4.6
branch/enterprise-4.7
branch/enterprise-4.8
issue-burndown
openshift-ci-robot
added
the
size/S
|
Deploy preview for osdocs ready! Built with commit 33f47d1 |
ahardin-rh
requested review from
cgwalters,
kikisdeliveryservice and
yuqi-zhang
|
@kikisdeliveryservice @cgwalters @yuqi-zhang Can you please confirm this change? Thank you! |
|
This does seem to match better with the upstream docs, although the containers team probably has more insight into this. CC'ing @vrothberg and @umohnani8 for the review |
|
@yuqi-zhang Thank you! |
|
Any reason we document the MC way of making changes to these low level files? We have the cluster wide |
|
@umohnani8 I'm not sure exactly. Looks like this content was introduced in #25823. I'm not very familiar with this area of content, but I'm happy to update the procedures with your guidance. Thank you! |
vrothberg
left a comment
vrothberg
left a comment
There was a problem hiding this comment.
Thanks for the ping. Some changes need to be reverted.
The naming of the two directories is unfortunate and very confusing; historical reasons. The rule of thumb is that .conf (TOML) files go into registries.CONF.d. YAMLs for signature policies etc. go into `registries.d.
There was a problem hiding this comment.
In that case, the previous path was correct. Signatures go into registries.d.
There was a problem hiding this comment.
registries.conf.d is actually what we need here as it is talking about adding a drop-in file to modify unqualified-search-registries.
There was a problem hiding this comment.
@ahardin-rh looks like this is a bit outdated. In 4.7, we added a new option to the cluster wide Image CR - containerRuntimeSearchRegistries. Users can use that set their configured list of unqualified-search-registries and the controller rolls out the changes to the appropriate nodes. However, we heavily advice against using unqualified-search-registries and it was documented by https://github.com/openshift/openshift-docs/pull/28152/files.
I think we should not document how someone can do this with a MC, we want users to use our CRDs for making such changes to the node. Signatures are not supported yet, so using an MC for that makes sense, but that is something we are looking to combine into the Image CRD in the future.
There was a problem hiding this comment.
@umohnani8 Thank you! Should I create a new PR to remove this procedure from the 4.7+ doc set then?
FYI @mburke5678
There was a problem hiding this comment.
Yes please, it should be removed from the 4.7 and later docs.
There was a problem hiding this comment.
@umohnani8 Thank you! I will get this work merged and then remove the procedure from 4.7 and 4.8 in a follow-up PR. Thanks!
| sh-4.4# cat /etc/containers/registries.conf.d/99-worker-unqualified-search-registries.conf | ||
| unqualified-search-registries = ['registry.access.redhat.com', 'docker.io', 'quay.io'] | ||
| sh-4.4# exit | ||
| ---- |
There was a problem hiding this comment.
The update LGTM. Should these sh-4.4# commands be separated into individual code blocks? Not sure if there is a reason that they weren't when the original work was done to separate multiple commands and commands from their output. :)
| automatically place the file on each node in your cluster. No service | ||
| restart is required since policy and `registries.d` files are dynamically | ||
| loaded by the container runtime. | ||
| loaded by the container runtime. |
There was a problem hiding this comment.
Looks like this file is just picking up removing extra whitespace at the end of these lines. What do you think about undoing the hard line wraps in this module?
There was a problem hiding this comment.
Yeah, we'll need to do some follow-up work there, but that's out of scope for this PR. Thanks!
lbarbeevargas
added
the
peer-review-done
|
A couple of minor comments, but otherwise LGTM! |
|
/cherrypick enterprise-4.6 |
|
/cherrypick enterprise-4.7 |
|
/cherrypick enterprise-4.8 |
|
@ahardin-rh: new pull request created: #30869 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@ahardin-rh: new pull request created: #30870 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@ahardin-rh: new pull request created: #30871 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
7 participants
Addresses #27612