--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "3" imageregistry.operator.openshift.io/checksum: sha256:d567d15968b9f982ebf08e03a004bfdd76db9d61c93f46c568452824b192f689 operator.openshift.io/spec-hash: 6670d87115659c87976bd0b7da2d44bb1974f9051c23f023883679ff2a8bbbc9 release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-15T07:23:45Z" generation: 2 labels: docker-registry: default pod-template-hash: 667fb7987 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"65ba2f82-bc74-4dee-bb54-d658693ed4d2"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-15T07:23:45Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-15T07:25:13Z" name: image-registry-667fb7987 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: 65ba2f82-bc74-4dee-bb54-d658693ed4d2 resourceVersion: "11741" uid: dca8ec5a-54fd-4bc9-bdb9-46b59d482232 spec: replicas: 1 selector: matchLabels: docker-registry: default pod-template-hash: 667fb7987 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:c79e099401e0905b23105c3db638d0d3c884a5b18b49bbd35217d3548d25c9ba openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 667fb7987 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: c1275cb6862b-image-registry-us-east-1-hysgiqenjpleowsdtfoqufre - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 1d6c7298a1a193f0a1e0f75e5c44a1226d7505b7dd3599b50d81bd4f281ffb9ee45b59840bb5e2a5294fa6d2c8b0fdda547b73bdd7868abbdf4f6dd27e9152bd - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6a82f6d2155134ec31688a2374b2a4d4096fa462b948cc06d66b7b14bf2c4ad2 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 2 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "2" imageregistry.operator.openshift.io/checksum: sha256:e064be8e9116d4a516321b85ec73581be08337fb33da815e94e615dedf7727cb operator.openshift.io/spec-hash: 42f35ec20a35e241a2c48518992b54e97f231057a70955fd6557f1f8dc46a063 release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-15T07:19:25Z" generation: 2 labels: docker-registry: default pod-template-hash: 79f4c9cdd4 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"65ba2f82-bc74-4dee-bb54-d658693ed4d2"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-15T07:24:36Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-15T07:24:36Z" name: image-registry-79f4c9cdd4 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: 65ba2f82-bc74-4dee-bb54-d658693ed4d2 resourceVersion: "10824" uid: 49add018-659a-4c5c-91ea-e4b4c4ab0f6d spec: replicas: 0 selector: matchLabels: docker-registry: default pod-template-hash: 79f4c9cdd4 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:3e8ccaad51862ae3965470e403f099d5d2ed5af3ec9d7a4efc83f77dbd9711d6 openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 79f4c9cdd4 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: c1275cb6862b-image-registry-us-east-1-hysgiqenjpleowsdtfoqufre - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 1d6c7298a1a193f0a1e0f75e5c44a1226d7505b7dd3599b50d81bd4f281ffb9ee45b59840bb5e2a5294fa6d2c8b0fdda547b73bdd7868abbdf4f6dd27e9152bd - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6a82f6d2155134ec31688a2374b2a4d4096fa462b948cc06d66b7b14bf2c4ad2 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: observedGeneration: 2 replicas: 0 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" imageregistry.operator.openshift.io/checksum: sha256:6c0aabe7e5f6f5c210463f6c2bd51f1bd4a478f6accdca907a8619ed0a7703e4 operator.openshift.io/spec-hash: 8e9b8a3f431604b1d7839972c518fb4556167fcb969912ab90b3856a8f9f341a release.openshift.io/version: 4.21.20 creationTimestamp: "2026-06-15T07:13:23Z" generation: 2 labels: docker-registry: default pod-template-hash: 85d9b49695 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"65ba2f82-bc74-4dee-bb54-d658693ed4d2"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-15T07:23:45Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-15T07:23:45Z" name: image-registry-85d9b49695 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: 65ba2f82-bc74-4dee-bb54-d658693ed4d2 resourceVersion: "9349" uid: c22b0f93-e9cc-4ae4-8b16-4160f2a3ca64 spec: replicas: 0 selector: matchLabels: docker-registry: default pod-template-hash: 85d9b49695 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:3e8ccaad51862ae3965470e403f099d5d2ed5af3ec9d7a4efc83f77dbd9711d6 openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 85d9b49695 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: c1275cb6862b-image-registry-us-east-1-hysgiqenjpleowsdtfoqufre - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 1d6c7298a1a193f0a1e0f75e5c44a1226d7505b7dd3599b50d81bd4f281ffb9ee45b59840bb5e2a5294fa6d2c8b0fdda547b73bdd7868abbdf4f6dd27e9152bd - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6a82f6d2155134ec31688a2374b2a4d4096fa462b948cc06d66b7b14bf2c4ad2 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: observedGeneration: 2 replicas: 0 kind: ReplicaSetList metadata: resourceVersion: "12304"