--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" imageregistry.operator.openshift.io/checksum: sha256:98872481f839ebf238197a21e1e736ecd3a361ffeda3d1a15c5be6f954e33613 operator.openshift.io/spec-hash: b0980330220f0123e7f0576c204d8ba17727670549766c7295c419fe4ec851e2 release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-09T02:15:06Z" generation: 2 labels: docker-registry: default pod-template-hash: 5657f86c88 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"ce1c06a7-8181-442d-a5c5-fb52ac186f88"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-09T02:25:25Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-09T02:25:25Z" name: image-registry-5657f86c88 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: ce1c06a7-8181-442d-a5c5-fb52ac186f88 resourceVersion: "9074" uid: 759a6413-7343-4a31-9600-98252e4e7c5a spec: replicas: 0 selector: matchLabels: docker-registry: default pod-template-hash: 5657f86c88 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:ce0eae169bcce57838a3b585cee0658b61b8d219b8823c5e010623b02cd7a8d0 openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 5657f86c88 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: c14a42387be4-image-registry-us-east-1-krjexntnmyjqmfavxmfhfcfq - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: c0fcfed033425a9b6bfe5c4f39708df9aec2a5a1dc03a0c7e2b762a171295f51dc575b4156f6e3e1618b4916fc82320c512e4e2af1c6f2c165a636f4a03a691b - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a3f369398d5bbdca40210225ca84977c1e42f774e42b44162c24b0d1a358f94d imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: observedGeneration: 2 replicas: 0 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "2" imageregistry.operator.openshift.io/checksum: sha256:77b3e48d07020b4f8adf27e56e3891c27456122a0798d1506a29746da43e86db operator.openshift.io/spec-hash: 10300d73de9a3d459b69e1dec465176a7e1cf69627bb071a1fbbbde25c6369e1 release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-09T02:21:41Z" generation: 2 labels: docker-registry: default pod-template-hash: 565889c4f5 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"ce1c06a7-8181-442d-a5c5-fb52ac186f88"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-09T02:26:53Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-09T02:26:53Z" name: image-registry-565889c4f5 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: ce1c06a7-8181-442d-a5c5-fb52ac186f88 resourceVersion: "10859" uid: 112f0224-92eb-4e59-a50e-f2714b56dd1b spec: replicas: 0 selector: matchLabels: docker-registry: default pod-template-hash: 565889c4f5 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:ce0eae169bcce57838a3b585cee0658b61b8d219b8823c5e010623b02cd7a8d0 openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 565889c4f5 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: c14a42387be4-image-registry-us-east-1-krjexntnmyjqmfavxmfhfcfq - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: c0fcfed033425a9b6bfe5c4f39708df9aec2a5a1dc03a0c7e2b762a171295f51dc575b4156f6e3e1618b4916fc82320c512e4e2af1c6f2c165a636f4a03a691b - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a3f369398d5bbdca40210225ca84977c1e42f774e42b44162c24b0d1a358f94d imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: observedGeneration: 2 replicas: 0 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "3" imageregistry.operator.openshift.io/checksum: sha256:3c023edab4154784b7ff5319ee3baeed383ecc01146b0b037742781a163f5ff5 operator.openshift.io/spec-hash: e38d11342f0d5e459aeb49a7137a5a41165cd3ac96cd4aa25fd6367ede33e291 release.openshift.io/version: 4.21.19 creationTimestamp: "2026-06-09T02:25:25Z" generation: 2 labels: docker-registry: default pod-template-hash: 8b7d7bf4b managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"ce1c06a7-8181-442d-a5c5-fb52ac186f88"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-06-09T02:25:25Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-06-09T02:26:53Z" name: image-registry-8b7d7bf4b namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: ce1c06a7-8181-442d-a5c5-fb52ac186f88 resourceVersion: "10847" uid: fff2dc24-2a3b-4d9f-a425-bebefbc62f3b spec: replicas: 1 selector: matchLabels: docker-registry: default pod-template-hash: 8b7d7bf4b template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:ed8b528de62438a52810b0f57da2b449de6f32c515e5280b80cc7c14a335ba61 openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' labels: docker-registry: default pod-template-hash: 8b7d7bf4b spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: c14a42387be4-image-registry-us-east-1-krjexntnmyjqmfavxmfhfcfq - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: c0fcfed033425a9b6bfe5c4f39708df9aec2a5a1dc03a0c7e2b762a171295f51dc575b4156f6e3e1618b4916fc82320c512e4e2af1c6f2c165a636f4a03a691b - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a3f369398d5bbdca40210225ca84977c1e42f774e42b44162c24b0d1a358f94d imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000290000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 2 readyReplicas: 1 replicas: 1 kind: ReplicaSetList metadata: resourceVersion: "29507"