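# Settings shared by the commands below.
export LOCATION=westeurope
export RESOURCEGROUP=aro-v4-private
# CLUSTER is not referenced by the commands visible in this section.
export CLUSTER=aroprivate
# Storage account names are globally unique in Azure; choose your own value.
export STORAGE_ACCOUNT_NAME=aroregistry
export STORAGE_CONTAINER_NAME=registry-container

# Create the storage account that will hold the registry blobs.
# Expansions are quoted so a value containing spaces or glob characters cannot
# split into extra arguments. The extra flags refuse plain-HTTP and pre-TLS-1.2
# clients and forbid anonymous (public) blob access, none of which the
# key-authenticated registry needs.
az storage account create \
  --name "$STORAGE_ACCOUNT_NAME" \
  --resource-group "$RESOURCEGROUP" \
  --location "$LOCATION" \
  --https-only true \
  --min-tls-version TLS1_2 \
  --allow-blob-public-access false

# Create the blob container the registry will write to.
az storage container create \
  --name "$STORAGE_CONTAINER_NAME" \
  --account-name "$STORAGE_ACCOUNT_NAME"

# NOTE: at this point the account is still reachable through its public
# endpoint, and adding a private endpoint later does not close it by itself.
# Once the private endpoint is confirmed working from the cluster, restrict
# public access, for example:
#   az storage account update --name "$STORAGE_ACCOUNT_NAME" \
#     --resource-group "$RESOURCEGROUP" --public-network-access Disabled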
Configure a private link on the newly created storage account:
- Choose your resource group and give the private endpoint a name
- Choose the 'storageAccounts' resource type, your storage account, and 'blob' as the target sub-resource
- Choose your vnet and subnet. Under the 'Private DNS Integration' section, choose 'Yes'
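# Fetch the first access key of the storage account and store it in the secret
# that the image registry operator reads.
#
# Handling of the key:
#  - it is a full-access account key, so it is kept in a plain shell variable
#    (not exported) and unset afterwards, so child processes do not inherit it;
#  - `jq -e` makes the pipeline fail when no key comes back, so the secret is
#    never created from an empty or "null" value;
#  - the key is fed to `oc` on stdin rather than via --from-literal, so it does
#    not appear in the process argument list. printf is a shell builtin and
#    '%s' adds no trailing newline to the stored value.
if STORAGE_ACCOUNT_KEY=$(az storage account keys list \
  --account-name "$STORAGE_ACCOUNT_NAME" \
  --resource-group "$RESOURCEGROUP" \
  -o json | jq -er '.[0].value'); then
  printf '%s' "$STORAGE_ACCOUNT_KEY" \
    | oc create secret generic image-registry-private-configuration-user \
      --from-file=REGISTRY_STORAGE_AZURE_ACCOUNTKEY=/dev/stdin \
      --namespace openshift-image-registry
else
  printf 'could not read an access key for storage account %s\n' \
    "$STORAGE_ACCOUNT_NAME" >&2
fi
unset STORAGE_ACCOUNT_KEY

# Open the cluster-wide image registry configuration in an editor and point it
# at the storage account and container created above.
# If the account key is rotated later, this secret must be recreated as well.
oc edit configs.imageregistry.operator.openshift.io/cluster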
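# Excerpt of the image registry config as shown by `oc edit`; only the storage
# stanza changes. Nesting is significant in YAML: accountName and container
# belong under azure, which belongs under storage.
# The account key is not written here; it is read from the
# image-registry-private-configuration-user secret.
spec:
  # ... other spec fields unchanged ...
  storage:
    azure:
      accountName: <account-name>
      container: <container-name>
  # ... other spec fields unchanged ...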