Makes changes to IR configuration docs

openshift · Apr 25, 2024 · f47e263 · f47e263
1 parent 3394eef
commit f47e263
Showing 1 changed file with 44 additions and 11 deletions.
diff --git a/modules/registry-configuring-registry-storage-rhodf-cephrgw.adoc b/modules/registry-configuring-registry-storage-rhodf-cephrgw.adoc
@@ -63,38 +63,71 @@ $ AWS_ACCESS_KEY_ID=$(oc get secret -n openshift-storage rgwbucket -o jsonpath='
 $ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage rgwbucket -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode)
 ----
 
-. Create the secret `image-registry-private-configuration-user` with the AWS credentials for the new bucket under `openshift-image-registry project` by entering the following command:
+. If the image registry is exposed externally:
+
+.. Create a `route` resource if one does not already exist. For example:
++
+[source,yaml]
+----
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: s3-rgw
+  namespace: openshift-storage
+  labels:
+    app: rook-ceph-rgw
+    ceph_daemon_id: ocs-storagecluster-cephobjectstore
+    ceph_daemon_type: rgw
+    rgw: ocs-storagecluster-cephobjectstore
+    rook_cluster: openshift-storage
+    rook_object_store: ocs-storagecluster-cephobjectstore
+spec:
+  to:
+    kind: Service
+    name: rook-ceph-rgw-ocs-storagecluster-cephobjectstore
+    weight: 100
+  port:
+    targetPort: http
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Allow
+  wildcardPolicy: None
+----
+
+.. Enter the following command to extract the host of the Ceph RGW `route` resource and assign it to the variable `$route_host`:
+:
 +
 [source,terminal]
 ----
-$ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY=${AWS_ACCESS_KEY_ID} --from-literal=REGISTRY_STORAGE_S3_SECRETKEY=${AWS_SECRET_ACCESS_KEY} --namespace openshift-image-registry
+$ route_host=$(oc get route s3-rgw -n openshift-storage --template='{{ .spec.host }}')
 ----
 
-. Get the `buckethost` value by entering the following command:
+. If the image registry is not exposed externally:
+
+.. Enter the following command to delete the existing `image-registry-s3-bundle` ConfigMap:
 +
 [source,terminal]
 ----
-$ route_host=$(oc get objectbucket $bucket_name -n openshift-storage -o=jsonpath='{.spec.endpoint.bucketHost}')
+$ oc delete configmap image-registry-s3-bundle -n openshift-config
 ----
-+
 
-. Create a config map that uses an ingress certificate by entering the following commands:
+.. Enter the following command to extract the SSL/TLS certificate from the secret:
 +
 [source,terminal]
 ----
-$ oc extract secret/router-certs-default  -n openshift-ingress  --confirm
+$ oc extract secret/ocs-storagecluster-cos-ceph-rgw-tls-cert -n openshift-storage --confirm
 ----
+
+.. Enter the following command to recreate the ConfigMap with the extracted certificate:
 +
 [source,terminal]
 ----
-$ oc create configmap image-registry-s3-bundle --from-file=ca-bundle.crt=./tls.crt  -n openshift-config
+$ oc create configmap image-registry-s3-bundle --from-file=ca-bundle.crt=./tls.crt -n openshift-config
 ----
 
 . Configure the image registry to use the Ceph RGW object storage by entering the following command:
 +
 [source,terminal]
 ----
 $ oc patch config.image/cluster -p '{"spec":{"managementState":"Managed","replicas":2,"storage":{"managementState":"Unmanaged","s3":{"bucket":'\"${bucket_name}\"',"region":"us-east-1","regionEndpoint":'\"https://${route_host}\"',"virtualHostedStyle":false,"encrypt":false,"trustedCA":{"name":"image-registry-s3-bundle"}}}}}' --type=merge
-----
-
-
+----