--- apiVersion: apps/v1 items: - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "3" imageregistry.operator.openshift.io/checksum: sha256:c80b545fbbf387bc624217e32260d5e353b81ad86091570181b750c405d94212 operator.openshift.io/spec-hash: 7182eba476d2a633031c573ca6c3deec02a801aa1a9672b30cb596477330ae0d release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T17:10:06Z" generation: 2 labels: docker-registry: default pod-template-hash: 555cf688b8 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"e69d417f-2248-4c8e-bded-467158d0eb93"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:10:06Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:availableReplicas: {} f:fullyLabeledReplicas: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-04-17T17:10:28Z" name: image-registry-555cf688b8 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: e69d417f-2248-4c8e-bded-467158d0eb93 resourceVersion: "9314" uid: 3313a356-4493-4dac-bed7-bbf32bc0417c spec: replicas: 1 selector: matchLabels: docker-registry: default pod-template-hash: 555cf688b8 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:0927f7f714ba3ada747dd75d7586bce447e34cd9099d446a384592cd5ae2a1ba openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: docker-registry: default pod-template-hash: 555cf688b8 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: 848ee30b63de-image-registry-us-east-1-btmwsrbhtekemumqinchhnge - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 213c545bd8fcd436d858d542ce7c6615ff0145539b2c1710281a7a268bf261fafe5d0abd7b3ab1959c372ca886224a6c65734de7d2e0a624204f31639d8b843c - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:44136b348d0b6fc6ca07bd61902f4901177c2185045a72b42b2a1d2ad050e0f9 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000300000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: availableReplicas: 1 fullyLabeledReplicas: 1 observedGeneration: 2 readyReplicas: 1 replicas: 1 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "1" imageregistry.operator.openshift.io/checksum: sha256:1338a30f9b67216e2a1299afa4de793859275d70ee6b56e35a5878a52d984a24 operator.openshift.io/spec-hash: 00ce3c2740926e38f8caf82dbe2872f354765e3e965a492bf1d2fe90bde004e0 release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T17:04:03Z" generation: 2 labels: docker-registry: default pod-template-hash: 5cd9d6769f managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"e69d417f-2248-4c8e-bded-467158d0eb93"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:10:06Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-04-17T17:10:06Z" name: image-registry-5cd9d6769f namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: e69d417f-2248-4c8e-bded-467158d0eb93 resourceVersion: "8223" uid: 1dbb5d04-6ed9-4c7d-a34c-e8128cde2624 spec: replicas: 0 selector: matchLabels: docker-registry: default pod-template-hash: 5cd9d6769f template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:e92cce6984e5242ba7a28a51cb3023c40eea4238b96938b155635bbe0d74838f openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: docker-registry: default pod-template-hash: 5cd9d6769f spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: 848ee30b63de-image-registry-us-east-1-btmwsrbhtekemumqinchhnge - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 213c545bd8fcd436d858d542ce7c6615ff0145539b2c1710281a7a268bf261fafe5d0abd7b3ab1959c372ca886224a6c65734de7d2e0a624204f31639d8b843c - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:44136b348d0b6fc6ca07bd61902f4901177c2185045a72b42b2a1d2ad050e0f9 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000300000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: observedGeneration: 2 replicas: 0 - apiVersion: apps/v1 kind: ReplicaSet metadata: annotations: deployment.kubernetes.io/desired-replicas: "1" deployment.kubernetes.io/max-replicas: "2" deployment.kubernetes.io/revision: "2" imageregistry.operator.openshift.io/checksum: sha256:32f5904f5ddeaae8b9449d18a38f8c9e914d24c8f2247a7c9536f797c0b0fc20 operator.openshift.io/spec-hash: 8dc3de45d67a788ea073c961ff604cd1d2dacd16877b447f99e4d8581d453bef release.openshift.io/version: 4.20.19 creationTimestamp: "2026-04-17T17:07:27Z" generation: 2 labels: docker-registry: default pod-template-hash: 5f797f5f96 managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/desired-replicas: {} f:deployment.kubernetes.io/max-replicas: {} f:deployment.kubernetes.io/revision: {} f:imageregistry.operator.openshift.io/checksum: {} f:operator.openshift.io/spec-hash: {} f:release.openshift.io/version: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:ownerReferences: .: {} k:{"uid":"e69d417f-2248-4c8e-bded-467158d0eb93"}: {} f:spec: f:replicas: {} f:selector: {} f:template: f:metadata: f:annotations: .: {} f:imageregistry.operator.openshift.io/dependencies-checksum: {} f:openshift.io/required-scc: {} f:target.workload.openshift.io/management: {} f:labels: .: {} f:docker-registry: {} f:pod-template-hash: {} f:spec: f:containers: k:{"name":"registry"}: .: {} f:command: {} f:env: .: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_NET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_SECRET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_CERTIFICATE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_HTTP_TLS_KEY"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_LOG_LEVEL"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_METRICS_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_QUOTA_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_OPENSHIFT_SERVER_ADDR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_DELETE_ENABLED"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_BUCKET"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_ENCRYPT"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_FORCEPATHSTYLE"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_REGION"}: .: {} f:name: {} f:value: {} k:{"name":"REGISTRY_STORAGE_S3_USEDUALSTACK"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:lifecycle: .: {} f:preStop: .: {} f:exec: .: {} f:command: {} f:livenessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:name: {} f:ports: .: {} k:{"containerPort":5000,"protocol":"TCP"}: .: {} f:containerPort: {} f:protocol: {} f:readinessProbe: .: {} f:failureThreshold: {} f:httpGet: .: {} f:path: {} f:port: {} f:scheme: {} f:initialDelaySeconds: {} f:periodSeconds: {} f:successThreshold: {} f:timeoutSeconds: {} f:resources: .: {} f:requests: .: {} f:cpu: {} f:memory: {} f:securityContext: .: {} f:readOnlyRootFilesystem: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:volumeMounts: .: {} k:{"mountPath":"/etc/pki/ca-trust/extracted"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/pki/ca-trust/source/anchors"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/etc/secrets"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/usr/share/pki/ca-trust-source"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/lib/kubelet/"}: .: {} f:mountPath: {} f:name: {} k:{"mountPath":"/var/run/secrets/cloud"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} k:{"mountPath":"/var/run/secrets/openshift/serviceaccount"}: .: {} f:mountPath: {} f:name: {} f:readOnly: {} f:dnsPolicy: {} f:nodeSelector: {} f:priorityClassName: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: .: {} f:fsGroup: {} f:fsGroupChangePolicy: {} f:serviceAccount: {} f:serviceAccountName: {} f:terminationGracePeriodSeconds: {} f:topologySpreadConstraints: .: {} k:{"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"node-role.kubernetes.io/worker","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} k:{"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}: .: {} f:labelSelector: {} f:maxSkew: {} f:topologyKey: {} f:whenUnsatisfiable: {} f:volumes: .: {} k:{"name":"bound-sa-token"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"ca-trust-extracted"}: .: {} f:emptyDir: {} f:name: {} k:{"name":"image-registry-private-configuration"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:optional: {} f:secretName: {} k:{"name":"installation-pull-secrets"}: .: {} f:name: {} f:secret: .: {} f:defaultMode: {} f:items: {} f:optional: {} f:secretName: {} k:{"name":"registry-certificates"}: .: {} f:configMap: .: {} f:defaultMode: {} f:name: {} f:name: {} k:{"name":"registry-tls"}: .: {} f:name: {} f:projected: .: {} f:defaultMode: {} f:sources: {} k:{"name":"trusted-ca"}: .: {} f:configMap: .: {} f:defaultMode: {} f:items: {} f:name: {} f:optional: {} f:name: {} manager: kube-controller-manager operation: Update time: "2026-04-17T17:10:28Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:observedGeneration: {} f:replicas: {} manager: kube-controller-manager operation: Update subresource: status time: "2026-04-17T17:10:28Z" name: image-registry-5f797f5f96 namespace: openshift-image-registry ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: Deployment name: image-registry uid: e69d417f-2248-4c8e-bded-467158d0eb93 resourceVersion: "9328" uid: 0fdd2671-ba3e-4adf-8fbe-eeeddf6140a7 spec: replicas: 0 selector: matchLabels: docker-registry: default pod-template-hash: 5f797f5f96 template: metadata: annotations: imageregistry.operator.openshift.io/dependencies-checksum: sha256:e92cce6984e5242ba7a28a51cb3023c40eea4238b96938b155635bbe0d74838f openshift.io/required-scc: restricted-v2 target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' creationTimestamp: null labels: docker-registry: default pod-template-hash: 5f797f5f96 spec: containers: - command: - /bin/sh - -c - mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract --output /etc/pki/ca-trust/extracted/ && exec /usr/bin/dockerregistry env: - name: REGISTRY_STORAGE value: s3 - name: REGISTRY_STORAGE_S3_BUCKET value: 848ee30b63de-image-registry-us-east-1-btmwsrbhtekemumqinchhnge - name: REGISTRY_STORAGE_S3_REGION value: us-east-1 - name: REGISTRY_STORAGE_S3_ENCRYPT value: "true" - name: REGISTRY_STORAGE_S3_FORCEPATHSTYLE value: "true" - name: REGISTRY_STORAGE_S3_CREDENTIALSCONFIGPATH value: /var/run/secrets/cloud/credentials - name: REGISTRY_STORAGE_S3_USEDUALSTACK value: "true" - name: REGISTRY_HTTP_ADDR value: :5000 - name: REGISTRY_HTTP_NET value: tcp - name: REGISTRY_HTTP_SECRET value: 213c545bd8fcd436d858d542ce7c6615ff0145539b2c1710281a7a268bf261fafe5d0abd7b3ab1959c372ca886224a6c65734de7d2e0a624204f31639d8b843c - name: REGISTRY_LOG_LEVEL value: info - name: REGISTRY_OPENSHIFT_QUOTA_ENABLED value: "true" - name: REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR value: inmemory - name: REGISTRY_STORAGE_DELETE_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED value: "true" - name: REGISTRY_HEALTH_STORAGEDRIVER_INTERVAL value: 10s - name: REGISTRY_HEALTH_STORAGEDRIVER_THRESHOLD value: "1" - name: REGISTRY_OPENSHIFT_METRICS_ENABLED value: "true" - name: REGISTRY_OPENSHIFT_SERVER_ADDR value: image-registry.openshift-image-registry.svc:5000 - name: REGISTRY_HTTP_TLS_CERTIFICATE value: /etc/secrets/tls.crt - name: REGISTRY_HTTP_TLS_KEY value: /etc/secrets/tls.key image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:44136b348d0b6fc6ca07bd61902f4901177c2185045a72b42b2a1d2ad050e0f9 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - sleep - "25" livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: registry ports: - containerPort: 5000 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 5000 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 100m memory: 256Mi securityContext: readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/secrets/cloud name: image-registry-private-configuration readOnly: true - mountPath: /etc/secrets name: registry-tls - mountPath: /etc/pki/ca-trust/extracted name: ca-trust-extracted - mountPath: /etc/pki/ca-trust/source/anchors name: registry-certificates - mountPath: /usr/share/pki/ca-trust-source name: trusted-ca - mountPath: /var/lib/kubelet/ name: installation-pull-secrets - mountPath: /var/run/secrets/openshift/serviceaccount name: bound-sa-token readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000300000 fsGroupChangePolicy: OnRootMismatch serviceAccount: registry serviceAccountName: registry terminationGracePeriodSeconds: 55 topologySpreadConstraints: - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: node-role.kubernetes.io/worker whenUnsatisfiable: DoNotSchedule - labelSelector: matchLabels: docker-registry: default maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule volumes: - name: image-registry-private-configuration secret: defaultMode: 420 optional: false secretName: image-registry-private-configuration - name: registry-tls projected: defaultMode: 420 sources: - secret: name: image-registry-tls - emptyDir: {} name: ca-trust-extracted - configMap: defaultMode: 420 name: image-registry-certificates name: registry-certificates - configMap: defaultMode: 420 items: - key: ca-bundle.crt path: anchors/ca-bundle.crt name: trusted-ca optional: true name: trusted-ca - name: installation-pull-secrets secret: defaultMode: 420 items: - key: .dockerconfigjson path: config.json optional: true secretName: installation-pull-secrets - name: bound-sa-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: openshift expirationSeconds: 3600 path: token status: observedGeneration: 2 replicas: 0 kind: ReplicaSetList metadata: resourceVersion: "46165"