--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "2" imageregistry.operator.openshift.io/checksum: sha256:15935ab5775e3809bbe909c6a0477afa8c3a60b3269e9e247e07b9218fc12972 operator.openshift.io/spec-hash: a51e29dbd7791d5e566ca007d83e78cf1179f8a75159847bf1161685241400aa release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-07T19:29:07Z" generation: 2 labels: docker-registry: default pod-template-hash: 6b8dc847d9 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"82a27723-da21-45d3-9f56-e2048716f793"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-07T19:30:42Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-07T19:30:42Z" name: image-registry-6b8dc847d9 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: 82a27723-da21-45d3-9f56-e2048716f793 resourceVersion: "9214" uid: 26ff2cf3-cfca-4ed2-9e38-e73557957cb2 spec: replicas: 0 selector: matchLabels: docker-registry: default pod-template-hash: 6b8dc847d9 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:95b1c8be54407b9ed83e625981c2d7bec0f979ebe6d865696e123f5e25e34360 openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 6b8dc847d9 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: 48ba20dc8ae4-image-registry-us-east-1-tnyiqlggvdtbkoovxqjptxgh - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 8c909294ae74b8e6afc1608d60546035e4609fba95ee4e9c8eebe8fdcd2a7da93787a8b6a917c3ba40424d075c4eec3f4a5223831dd2b9db1a8f008f36f30f6a - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a3f369398d5bbdca40210225ca84977c1e42f774e42b44162c24b0d1a358f94d imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: observedGeneration: 2 replicas: 0 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" imageregistry.operator.openshift.io/checksum: sha256:8fc6a82d9909dc33d602045f0fd1df347ef7b2b69f9102b820251ac9270ecd9b operator.openshift.io/spec-hash: 204294f7ec6df7ac63bc8fdaccfd82265b87026046948aaf934e0b8b99390739 release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-07T19:23:54Z" generation: 2 labels: docker-registry: default pod-template-hash: 7cb6d65694 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"82a27723-da21-45d3-9f56-e2048716f793"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-07T19:30:13Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-07T19:30:13Z" name: image-registry-7cb6d65694 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: 82a27723-da21-45d3-9f56-e2048716f793 resourceVersion: "7839" uid: 013498b2-a4ef-4e63-9ae7-ec771dd432ed spec: replicas: 0 selector: matchLabels: docker-registry: default pod-template-hash: 7cb6d65694 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:95b1c8be54407b9ed83e625981c2d7bec0f979ebe6d865696e123f5e25e34360 openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 7cb6d65694 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: 48ba20dc8ae4-image-registry-us-east-1-tnyiqlggvdtbkoovxqjptxgh - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 8c909294ae74b8e6afc1608d60546035e4609fba95ee4e9c8eebe8fdcd2a7da93787a8b6a917c3ba40424d075c4eec3f4a5223831dd2b9db1a8f008f36f30f6a - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a3f369398d5bbdca40210225ca84977c1e42f774e42b44162c24b0d1a358f94d imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: observedGeneration: 2 replicas: 0 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "3" imageregistry.operator.openshift.io/checksum: sha256:79ee85c0674a0f2e4b3f182697a7145a0389b6c658ac4cc9de1ed96414fbf780 operator.openshift.io/spec-hash: 7f2390c07a26535cfaf8cfb7471976b6b9dd94f78da1518e2d566cbde6907f2f release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-07T19:30:13Z" generation: 2 labels: docker-registry: default pod-template-hash: 7dc5cf9d96 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"82a27723-da21-45d3-9f56-e2048716f793"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-07T19:30:13Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-07T19:30:42Z" name: image-registry-7dc5cf9d96 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: 82a27723-da21-45d3-9f56-e2048716f793 resourceVersion: "9194" uid: 10e6af7c-67e2-4994-9b0a-6623eab46e9e spec: replicas: 1 selector: matchLabels: docker-registry: default pod-template-hash: 7dc5cf9d96 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:af392efda2245cbac57885d2d5faee415b354a527d9e68553cdf4b69a6827113 openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 7dc5cf9d96 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: 48ba20dc8ae4-image-registry-us-east-1-tnyiqlggvdtbkoovxqjptxgh - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 8c909294ae74b8e6afc1608d60546035e4609fba95ee4e9c8eebe8fdcd2a7da93787a8b6a917c3ba40424d075c4eec3f4a5223831dd2b9db1a8f008f36f30f6a - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a3f369398d5bbdca40210225ca84977c1e42f774e42b44162c24b0d1a358f94d imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 2 readyReplicas: 1 replicas: 1 kind: ReplicaSetList metadata: resourceVersion: "30415"