Skip to content

Instantly share code, notes, and snippets.

@tmckayus

tmckayus/insecure_registry_crc.md

Created October 8, 2019 18:02
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save tmckayus/15fa6a99bcfbee8c74212c529f4008f5 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save tmckayus/15fa6a99bcfbee8c74212c529f4008f5 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. tmckayus created this gist Oct 8, 2019.
    67 changes: 67 additions & 0 deletions insecure_registry_crc.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,67 @@
    # Adding insecure registries on crc (and other things that require a node reboot)

    ## Overview

    Since crc deploys the OpenShift instance in a single VM, certain configuration changes
    can't be applied using the normal OpenShift mechanism. In a full deployment with multiple
    nodes, OpenShift coordinates the update and reboot of each node in the cluster, evacuating
    and rescheduling pods as it goes so everything continues to run. With a single VM this isn't
    possible, so some configuration changes have to be made manually.

    ## Registry configuration changes

    A change to the registry configuration is one of the types of changes that must be
    done manually with crc. Here is an example of how to add *my.fav.vendor* as an insecure
    registry (other registry changes in the same file are done the same way, like
    blocking registries or adding registries to search)

    As the kubeadmin user, get the name of the OpenShift node and enter a debug shell:

    ```
    $ oc get nodes
    NAME STATUS ROLES AGE VERSION
    crc-vsqrt-master-0 Ready master,worker 19d v1.13.4+3bd346709
    $ oc debug node/crc-vsqrt-master-0
    Starting pod/crc-vsqrt-master-0-debug ...
    To use host binaries, run `chroot /host`
    If you don't see a command prompt, try pressing enter.
    sh-4.2# chroot /host
    sh-4.4#
    ```

    Pro-tip, at this point we are going to use *vi* to edit a file. It seems
    that you will have a much better experience editing files if you resize your terminal at
    this point. It doesn't matter *what size*, just resize it :)

    ```
    sh-4.4# more /etc/containers/registries.conf
    [registries.search]
    registries = ['registry.access.redhat.com', 'docker.io']
    [registries.insecure]
    registries = []
    [registries.block]
    registries = []
    sh-4.4# vi /etc/containers/registries.conf
    ```

    Change the insecure registries section to look like this:
    ```
    [registries.insecure]
    registries = ['my.fav.vendor']
    ```
    Now exit out of the debug shell, stop crc, and restart crc to make
    the change take effect:
    ```
    sh-4.4# exit
    exit
    sh-4.2# exit
    exit
    Removing debug pod ...
    $ crc stop
    Stopping CodeReady Containers instance... this may take a few minutes
    CodeReady Containers instance stopped
    $ crc start