0

When I edit the image-registry Deployment (in the openshift-image-registry Namespace/Project), the modified fields are automatically reverted/rolled-back on Save.

My understanding is that Deployments control/manage some resources (i.e., ReplicaSets), but what Resource/CustomResource/CustomResourceDefinition controls/manages Deployments?

I'm unsure how to set a different securityContext > fsGroup for my image-registry pod because the Deployment changes I make are being reverted/rolled-back.

DizzyThermal
  • 104
  • 1
  • 10

1 Answers1

1

That resource is managed by the image-registry operator. You can check for yourself with oc get clusteroperator image-registry and edit the configuration for the operator with oc edit configs.imageregistry.operator.openshift.io.

It is possible to set the image-registry operator in Unmanaged state, by editing configs.imageregistry.operator.openshift.io and setting managementState to Unmanaged. This would prevent the operator from actively managing its components and should allow you to change the ReplicaSet without the operator reverting your changes. Please note that setting the operator in Unmanaged state is not supported by Red Hat.

You can find more in depth documentation on the registry in the registry chapter of the OpenShift documentation.

Dennis
  • 57
  • 7
  • Thanks Dennis. I'm struggling to understand how the image-registry Deployment/Operator allows for the Pod.spec.securityContext.fsGroup to be set. It's being set in the Deployment, but I'm unsure of where to set this to be persistent/rolled-out to the Operator > Deployment > ReplicaSet > Pods. Editing the Config of the imageregistry operator allows for editing some parameters (https://docs.openshift.com/container-platform/4.8/registry/configuring-registry-operator.html#registry-operator-configuration-resource-overview_configuring-registry-operator), but not the fsGroup mentioned. – DizzyThermal Oct 14 '21 at 18:42
  • Hi! I've updated the answer on changing the ReplicaSet. I am curious though, why would you want to change the fsGroup for registry storage? – Dennis Oct 15 '21 at 06:56
  • Thank you for the additional information Dennis, appreciate it.. I am currently using NFS as my storage backend for the image-registry, however, the ownership on the NFS export directory is being changed by OpenShift presumably (root:root) - after a few hours, I am unable to push to the image-registry and have to manually chown -R :root on the docker registry to make the image push work. I was exploring changing the fsGroup to debug what is needed to successfully use NFS. Is there something else I'm missing here? Thanks again! – DizzyThermal Oct 15 '21 at 12:26