1OC ADM(1)                          June 2016                         OC ADM(1)
2
3
4

NAME

6       oc adm registry - Install the integrated Docker registry
7
8
9

SYNOPSIS

11       oc adm registry [OPTIONS]
12
13
14

DESCRIPTION

16       Install or configure an integrated Docker registry
17
18
19       This  command sets up a Docker registry integrated with your cluster to
20       provide notifications when images are pushed. With  no  arguments,  the
21       command   will   check   for   the  existing  registry  service  called
22       'docker-registry' and try to create it. If you want to test whether the
23       registry  has  been created add the --dry-run flag and the command will
24       exit with 1 if the registry does not exist.
25
26
27       To run a highly available registry, you should be using a remote  stor‐
28       age mechanism like an object store (several are supported by the Docker
29       registry). The default Docker registry image is  configured  to  accept
30       configuration  as  environment  variables  - refer to the configuration
31       file in that image for more on setting  up  alternative  storage.  Once
32       you've  made  those  changes,  you  can  pass --replicas=2 or higher to
33       ensure you have failover protection. The default registry setup uses  a
34       local volume and the data will be lost if you delete the running pod.
35
36
37       If  multiple  ports  are  specified using the option --ports, the first
38       specified port will be chosen for use as the  REGISTRY  HTTP  ADDR  and
39       will be passed to Docker registry.
40
41
42       NOTE:  This  command  is intended to simplify the tasks of setting up a
43       Docker registry in a new installation. Some configuration  beyond  this
44       command is still required to make your registry persist data.
45
46
47

OPTIONS

49       --cluster-ip=""
50           Specify the ClusterIP value for the docker-registry service
51
52
53       --create=false
54           deprecated; this is now the default behavior
55
56
57       --daemonset=false
58           If true, use a daemonset instead of a deployment config.
59
60
61       --dry-run=false
62           If true, show the result of the operation without performing it.
63
64
65       --enforce-quota=false
66           If  true,  the  registry  will refuse to write blobs if they exceed
67       quota limits
68
69
70       --fs-group=""
71           Specify fsGroup which is an ID that grants group access to registry
72       block storage
73
74
75       --images="openshift/origin-${component}:${version}"
76           The  image to base this registry on - ${component} will be replaced
77       with --type
78
79
80       --labels="docker-registry=default"
81           A set of labels to uniquely identify the registry  and  its  compo‐
82       nents.
83
84
85       --latest-images=false
86           If  true,  attempt to use the latest image for the registry instead
87       of the latest release.
88
89
90       --local=false
91           If true, do not contact the apiserver
92
93
94       --mount-host=""
95           If set, the registry volume will be created as a host-mount at this
96       path.
97
98
99       -o, --output=""
100           Output  results  as  yaml or json instead of executing, or use name
101       for succint output (resource/name).
102
103
104       --output-version=""
105           The preferred API versions of the output objects
106
107
108       --ports="5000"
109           A comma delimited list of ports or port pairs to expose on the reg‐
110       istry pod. The default is set for 5000.
111
112
113       --replicas=1
114           The replication factor of the registry; commonly 2 when high avail‐
115       ability is desired.
116
117
118       --selector=""
119           Selector used to filter nodes on deployment. Used to run registries
120       on a specific set of nodes.
121
122
123       --service-account="registry"
124           Name of the service account to use to run the registry pod.
125
126
127       -a, --show-all=true
128           When  printing,  show  all  resources  (false means hide terminated
129       pods.)
130
131
132       --show-labels=false
133           When printing, show all labels as the  last  column  (default  hide
134       labels column)
135
136
137       --sort-by=""
138           If  non-empty, sort list types using this field specification.  The
139       field  specification  is  expressed  as  a  JSONPath  expression  (e.g.
140       '{.metadata.name}').  The  field  in the API resource specified by this
141       JSONPath expression must be an integer or a string.
142
143
144       --supplemental-groups=[]
145           Specify supplemental groups which is an array of ID's  that  grants
146       group access to registry shared storage
147
148
149       --template=""
150           Template  string  or  path  to template file to use when -o=go-tem‐
151       plate, -o=go-template-file. The template format is golang  templates  [
152http://golang.org/pkg/text/template/#pkg-overview⟩].
153
154
155       --tls-certificate=""
156           An  optional  path  to a PEM encoded certificate (which may contain
157       the private key) for serving over TLS
158
159
160       --tls-key=""
161           An optional path to a PEM encoded private key for serving over TLS
162
163
164       --type="docker-registry"
165           The registry image to use - if you specify --images this  flag  may
166       be ignored.
167
168
169       --volume="/registry"
170           The  volume path to use for registry storage; defaults to /registry
171       which is the default for origin-docker-registry.
172
173
174

OPTIONS INHERITED FROM PARENT COMMANDS

176       --allow_verification_with_non_compliant_keys=false
177           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
178       non-compliant with RFC6962.
179
180
181       --alsologtostderr=false
182           log to standard error as well as files
183
184
185       --application_metrics_count_limit=100
186           Max number of application metrics to store (per container)
187
188
189       --as=""
190           Username to impersonate for the operation
191
192
193       --as-group=[]
194           Group  to  impersonate for the operation, this flag can be repeated
195       to specify multiple groups.
196
197
198       --azure-container-registry-config=""
199           Path to the file containing Azure container registry  configuration
200       information.
201
202
203       --boot_id_file="/proc/sys/kernel/random/boot_id"
204           Comma-separated  list  of files to check for boot-id. Use the first
205       one that exists.
206
207
208       --cache-dir="/builddir/.kube/http-cache"
209           Default HTTP cache directory
210
211
212       --certificate-authority=""
213           Path to a cert file for the certificate authority
214
215
216       --client-certificate=""
217           Path to a client certificate file for TLS
218
219
220       --client-key=""
221           Path to a client key file for TLS
222
223
224       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
225           CIDRs opened in GCE firewall for LB traffic proxy  health checks
226
227
228       --cluster=""
229           The name of the kubeconfig cluster to use
230
231
232       --container_hints="/etc/cadvisor/container_hints.json"
233           location of the container hints file
234
235
236       --containerd="unix:///var/run/containerd.sock"
237           containerd endpoint
238
239
240       --context=""
241           The name of the kubeconfig context to use
242
243
244       --default-not-ready-toleration-seconds=300
245           Indicates    the    tolerationSeconds   of   the   toleration   for
246       notReady:NoExecute that is added by default to every pod that does  not
247       already have such a toleration.
248
249
250       --default-unreachable-toleration-seconds=300
251           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
252       able:NoExecute that is added by default to  every  pod  that  does  not
253       already have such a toleration.
254
255
256       --docker="unix:///var/run/docker.sock"
257           docker endpoint
258
259
260       --docker-tls=false
261           use TLS to connect to docker
262
263
264       --docker-tls-ca="ca.pem"
265           path to trusted CA
266
267
268       --docker-tls-cert="cert.pem"
269           path to client certificate
270
271
272       --docker-tls-key="key.pem"
273           path to private key
274
275
276       --docker_env_metadata_whitelist=""
277           a  comma-separated  list of environment variable keys that needs to
278       be collected for docker containers
279
280
281       --docker_only=false
282           Only report docker containers in addition to root stats
283
284
285       --docker_root="/var/lib/docker"
286           DEPRECATED: docker root is read from docker info (this is  a  fall‐
287       back, default: /var/lib/docker)
288
289
290       --enable_load_reader=false
291           Whether to enable cpu load reader
292
293
294       --event_storage_age_limit="default=24h"
295           Max length of time for which to store events (per type). Value is a
296       comma separated list of key values, where  the  keys  are  event  types
297       (e.g.: creation, oom) or "default" and the value is a duration. Default
298       is applied to all non-specified event types
299
300
301       --event_storage_event_limit="default=100000"
302           Max number of events to store (per type). Value is  a  comma  sepa‐
303       rated  list  of  key values, where the keys are event types (e.g.: cre‐
304       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
305       applied to all non-specified event types
306
307
308       --global_housekeeping_interval=0
309           Interval between global housekeepings
310
311
312       --housekeeping_interval=0
313           Interval between container housekeepings
314
315
316       --insecure-skip-tls-verify=false
317           If true, the server's certificate will not be checked for validity.
318       This will make your HTTPS connections insecure
319
320
321       --kubeconfig=""
322           Path to the kubeconfig file to use for CLI requests.
323
324
325       --log-flush-frequency=0
326           Maximum number of seconds between log flushes
327
328
329       --log_backtrace_at=:0
330           when logging hits line file:N, emit a stack trace
331
332
333       --log_cadvisor_usage=false
334           Whether to log the usage of the cAdvisor container
335
336
337       --log_dir=""
338           If non-empty, write log files in this directory
339
340
341       --logtostderr=true
342           log to standard error instead of files
343
344
345       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
346           Comma-separated list of files to  check  for  machine-id.  Use  the
347       first one that exists.
348
349
350       --match-server-version=false
351           Require server version to match client version
352
353
354       -n, --namespace=""
355           If present, the namespace scope for this CLI request
356
357
358       --request-timeout="0"
359           The  length  of  time  to  wait before giving up on a single server
360       request. Non-zero values should contain a corresponding time unit (e.g.
361       1s, 2m, 3h). A value of zero means don't timeout requests.
362
363
364       -s, --server=""
365           The address and port of the Kubernetes API server
366
367
368       --stderrthreshold=2
369           logs at or above this threshold go to stderr
370
371
372       --storage_driver_buffer_duration=0
373           Writes  in  the  storage driver will be buffered for this duration,
374       and committed to the non memory backends as a single transaction
375
376
377       --storage_driver_db="cadvisor"
378           database name
379
380
381       --storage_driver_host="localhost:8086"
382           database host:port
383
384
385       --storage_driver_password="root"
386           database password
387
388
389       --storage_driver_secure=false
390           use secure connection with database
391
392
393       --storage_driver_table="stats"
394           table name
395
396
397       --storage_driver_user="root"
398           database username
399
400
401       --token=""
402           Bearer token for authentication to the API server
403
404
405       --user=""
406           The name of the kubeconfig user to use
407
408
409       -v, --v=0
410           log level for V logs
411
412
413       --version=false
414           Print version information and quit
415
416
417       --vmodule=
418           comma-separated list of pattern=N settings for  file-filtered  log‐
419       ging
420
421
422

EXAMPLE

424                # Check if default Docker registry ("docker-registry") has been created
425                oc adm registry --dry-run
426
427                # See what the registry will look like if created
428                oc adm registry -o yaml
429
430                # Create a registry with two replicas if it does not exist
431                oc adm registry --replicas=2
432
433                # Use a different registry image
434                oc adm registry --images=myrepo/docker-registry:mytag
435
436                # Enforce quota and limits on images
437                oc adm registry --enforce-quota
438
439
440
441

SEE ALSO

443       oc-adm(1),
444
445
446

HISTORY

448       June 2016, Ported from the Kubernetes man-doc generator
449
450
451
452Openshift                  Openshift CLI User Manuals                OC ADM(1)
Impressum