1OC ADM(1) June 2016 OC ADM(1)
2
3
4
6 oc adm registry - Install the integrated Docker registry
7
8
9
11 oc adm registry [OPTIONS]
12
13
14
16 Install or configure an integrated Docker registry
17
18
19 This command sets up a Docker registry integrated with your cluster to
20 provide notifications when images are pushed. With no arguments, the
21 command will check for the existing registry service called
22 'docker-registry' and try to create it. If you want to test whether the
23 registry has been created add the --dry-run flag and the command will
24 exit with 1 if the registry does not exist.
25
26
27 To run a highly available registry, you should be using a remote stor‐
28 age mechanism like an object store (several are supported by the Docker
29 registry). The default Docker registry image is configured to accept
30 configuration as environment variables - refer to the configuration
31 file in that image for more on setting up alternative storage. Once
32 you've made those changes, you can pass --replicas=2 or higher to
33 ensure you have failover protection. The default registry setup uses a
34 local volume and the data will be lost if you delete the running pod.
35
36
37 If multiple ports are specified using the option --ports, the first
38 specified port will be chosen for use as the REGISTRY HTTP ADDR and
39 will be passed to Docker registry.
40
41
42 NOTE: This command is intended to simplify the tasks of setting up a
43 Docker registry in a new installation. Some configuration beyond this
44 command is still required to make your registry persist data.
45
46
47
49 --cluster-ip=""
50 Specify the ClusterIP value for the docker-registry service
51
52
53 --create=false
54 deprecated; this is now the default behavior
55
56
57 --daemonset=false
58 If true, use a daemonset instead of a deployment config.
59
60
61 --dry-run=false
62 If true, show the result of the operation without performing it.
63
64
65 --enforce-quota=false
66 If true, the registry will refuse to write blobs if they exceed
67 quota limits
68
69
70 --fs-group=""
71 Specify fsGroup which is an ID that grants group access to registry
72 block storage
73
74
75 --images="openshift/origin-${component}:${version}"
76 The image to base this registry on - ${component} will be replaced
77 with --type
78
79
80 --labels="docker-registry=default"
81 A set of labels to uniquely identify the registry and its compo‐
82 nents.
83
84
85 --latest-images=false
86 If true, attempt to use the latest image for the registry instead
87 of the latest release.
88
89
90 --local=false
91 If true, do not contact the apiserver
92
93
94 --mount-host=""
95 If set, the registry volume will be created as a host-mount at this
96 path.
97
98
99 -o, --output=""
100 Output results as yaml or json instead of executing, or use name
101 for succint output (resource/name).
102
103
104 --output-version=""
105 The preferred API versions of the output objects
106
107
108 --ports="5000"
109 A comma delimited list of ports or port pairs to expose on the reg‐
110 istry pod. The default is set for 5000.
111
112
113 --replicas=1
114 The replication factor of the registry; commonly 2 when high avail‐
115 ability is desired.
116
117
118 --selector=""
119 Selector used to filter nodes on deployment. Used to run registries
120 on a specific set of nodes.
121
122
123 --service-account="registry"
124 Name of the service account to use to run the registry pod.
125
126
127 -a, --show-all=true
128 When printing, show all resources (false means hide terminated
129 pods.)
130
131
132 --show-labels=false
133 When printing, show all labels as the last column (default hide
134 labels column)
135
136
137 --sort-by=""
138 If non-empty, sort list types using this field specification. The
139 field specification is expressed as a JSONPath expression (e.g.
140 '{.metadata.name}'). The field in the API resource specified by this
141 JSONPath expression must be an integer or a string.
142
143
144 --supplemental-groups=[]
145 Specify supplemental groups which is an array of ID's that grants
146 group access to registry shared storage
147
148
149 --template=""
150 Template string or path to template file to use when -o=go-tem‐
151 plate, -o=go-template-file. The template format is golang templates [
152 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
153
154
155 --tls-certificate=""
156 An optional path to a PEM encoded certificate (which may contain
157 the private key) for serving over TLS
158
159
160 --tls-key=""
161 An optional path to a PEM encoded private key for serving over TLS
162
163
164 --type="docker-registry"
165 The registry image to use - if you specify --images this flag may
166 be ignored.
167
168
169 --volume="/registry"
170 The volume path to use for registry storage; defaults to /registry
171 which is the default for origin-docker-registry.
172
173
174
176 --allow_verification_with_non_compliant_keys=false
177 Allow a SignatureVerifier to use keys which are technically
178 non-compliant with RFC6962.
179
180
181 --alsologtostderr=false
182 log to standard error as well as files
183
184
185 --application_metrics_count_limit=100
186 Max number of application metrics to store (per container)
187
188
189 --as=""
190 Username to impersonate for the operation
191
192
193 --as-group=[]
194 Group to impersonate for the operation, this flag can be repeated
195 to specify multiple groups.
196
197
198 --azure-container-registry-config=""
199 Path to the file containing Azure container registry configuration
200 information.
201
202
203 --boot_id_file="/proc/sys/kernel/random/boot_id"
204 Comma-separated list of files to check for boot-id. Use the first
205 one that exists.
206
207
208 --cache-dir="/builddir/.kube/http-cache"
209 Default HTTP cache directory
210
211
212 --certificate-authority=""
213 Path to a cert file for the certificate authority
214
215
216 --client-certificate=""
217 Path to a client certificate file for TLS
218
219
220 --client-key=""
221 Path to a client key file for TLS
222
223
224 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
225 CIDRs opened in GCE firewall for LB traffic proxy health checks
226
227
228 --cluster=""
229 The name of the kubeconfig cluster to use
230
231
232 --container_hints="/etc/cadvisor/container_hints.json"
233 location of the container hints file
234
235
236 --containerd="unix:///var/run/containerd.sock"
237 containerd endpoint
238
239
240 --context=""
241 The name of the kubeconfig context to use
242
243
244 --default-not-ready-toleration-seconds=300
245 Indicates the tolerationSeconds of the toleration for
246 notReady:NoExecute that is added by default to every pod that does not
247 already have such a toleration.
248
249
250 --default-unreachable-toleration-seconds=300
251 Indicates the tolerationSeconds of the toleration for unreach‐
252 able:NoExecute that is added by default to every pod that does not
253 already have such a toleration.
254
255
256 --docker="unix:///var/run/docker.sock"
257 docker endpoint
258
259
260 --docker-tls=false
261 use TLS to connect to docker
262
263
264 --docker-tls-ca="ca.pem"
265 path to trusted CA
266
267
268 --docker-tls-cert="cert.pem"
269 path to client certificate
270
271
272 --docker-tls-key="key.pem"
273 path to private key
274
275
276 --docker_env_metadata_whitelist=""
277 a comma-separated list of environment variable keys that needs to
278 be collected for docker containers
279
280
281 --docker_only=false
282 Only report docker containers in addition to root stats
283
284
285 --docker_root="/var/lib/docker"
286 DEPRECATED: docker root is read from docker info (this is a fall‐
287 back, default: /var/lib/docker)
288
289
290 --enable_load_reader=false
291 Whether to enable cpu load reader
292
293
294 --event_storage_age_limit="default=24h"
295 Max length of time for which to store events (per type). Value is a
296 comma separated list of key values, where the keys are event types
297 (e.g.: creation, oom) or "default" and the value is a duration. Default
298 is applied to all non-specified event types
299
300
301 --event_storage_event_limit="default=100000"
302 Max number of events to store (per type). Value is a comma sepa‐
303 rated list of key values, where the keys are event types (e.g.: cre‐
304 ation, oom) or "default" and the value is an integer. Default is
305 applied to all non-specified event types
306
307
308 --global_housekeeping_interval=0
309 Interval between global housekeepings
310
311
312 --housekeeping_interval=0
313 Interval between container housekeepings
314
315
316 --httptest.serve=""
317 if non-empty, httptest.NewServer serves on this address and blocks
318
319
320 --insecure-skip-tls-verify=false
321 If true, the server's certificate will not be checked for validity.
322 This will make your HTTPS connections insecure
323
324
325 --kubeconfig=""
326 Path to the kubeconfig file to use for CLI requests.
327
328
329 --log-flush-frequency=0
330 Maximum number of seconds between log flushes
331
332
333 --log_backtrace_at=:0
334 when logging hits line file:N, emit a stack trace
335
336
337 --log_cadvisor_usage=false
338 Whether to log the usage of the cAdvisor container
339
340
341 --log_dir=""
342 If non-empty, write log files in this directory
343
344
345 --logtostderr=true
346 log to standard error instead of files
347
348
349 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
350 Comma-separated list of files to check for machine-id. Use the
351 first one that exists.
352
353
354 --match-server-version=false
355 Require server version to match client version
356
357
358 -n, --namespace=""
359 If present, the namespace scope for this CLI request
360
361
362 --request-timeout="0"
363 The length of time to wait before giving up on a single server
364 request. Non-zero values should contain a corresponding time unit (e.g.
365 1s, 2m, 3h). A value of zero means don't timeout requests.
366
367
368 -s, --server=""
369 The address and port of the Kubernetes API server
370
371
372 --stderrthreshold=2
373 logs at or above this threshold go to stderr
374
375
376 --storage_driver_buffer_duration=0
377 Writes in the storage driver will be buffered for this duration,
378 and committed to the non memory backends as a single transaction
379
380
381 --storage_driver_db="cadvisor"
382 database name
383
384
385 --storage_driver_host="localhost:8086"
386 database host:port
387
388
389 --storage_driver_password="root"
390 database password
391
392
393 --storage_driver_secure=false
394 use secure connection with database
395
396
397 --storage_driver_table="stats"
398 table name
399
400
401 --storage_driver_user="root"
402 database username
403
404
405 --token=""
406 Bearer token for authentication to the API server
407
408
409 --user=""
410 The name of the kubeconfig user to use
411
412
413 -v, --v=0
414 log level for V logs
415
416
417 --version=false
418 Print version information and quit
419
420
421 --vmodule=
422 comma-separated list of pattern=N settings for file-filtered log‐
423 ging
424
425
426
428 # Check if default Docker registry ("docker-registry") has been created
429 oc adm registry --dry-run
430
431 # See what the registry will look like if created
432 oc adm registry -o yaml
433
434 # Create a registry with two replicas if it does not exist
435 oc adm registry --replicas=2
436
437 # Use a different registry image
438 oc adm registry --images=myrepo/docker-registry:mytag
439
440 # Enforce quota and limits on images
441 oc adm registry --enforce-quota
442
443
444
445
447 oc-adm(1),
448
449
450
452 June 2016, Ported from the Kubernetes man-doc generator
453
454
455
456Openshift Openshift CLI User Manuals OC ADM(1)