Creating registry administrators

Registry administrators are official administrators who perform the functions of registry support, as well as the deployment and maintenance of regulations for the respective registries.

For more information about the Platform role classes and their functional responsibilities, refer to the following link:

1. Creating a registry administrator

After Creating Platform administrators and deploying the registry, you can add administrators for that registry.

The first service registry administrator must be created by the Platform administrator with the appropriate access rights. Subsequently, the service registry administrator can add other registry administrators independently.

  1. Log in to the Control Plane registry management administrative panel using the provided login and password.

    update cluster mgmt 01

  2. Go to the Registries section and select the registry for which you need to add administrators.

    change key 01

  3. Click the Edit button in the upper right corner of the page.

    change key 02

  4. Go to the Administrators section and add a new registry administrator.

    Click the + (plus) icon. In the new opened window, fill in the following fields:

    • First name

    • Last name

    • Email address

    • Temporary password

    You can provide access to multiple registry administrators. To do this, repeat the action for each administrator separately (+ > provide data > click Confirm).

    Provide the email address in lowercase.

    Allowed characters: "0-9", "a-z", "_", "-", "@", ".", ",".

    cp add registry admin 1

    cp add registry admin 2

  5. Click Confirm to save the changes.

    cp add registry admin 3

    As a result, a registry update request with the status New will be generated.

  6. Go back to the Registries section, scroll down the page, and find the Update requests section.

    cp submit mr 1

  7. Open the generated request by clicking the view icon — 👁

    The proposed changes will be applied to the deploy-templates/values.yaml configuration file upon confirmation.

  8. In the new window, compare the two versions of the changes, make sure the data you entered is correct, and click Confirm.

    The comparison window allows you to conveniently check the two versions of changes: the current one (left) and the new one (right).

    cp submit mr 2

    cp submit mr 3

    As a result, the request will be assigned the Verified status, and the changes will take effect.

    cp submit mr 4

    Wait for the automatic code build to complete. This may take a few minutes. For more details, see Confirming the changes in the Gerrit interface (alternative method).

    You can also reject the changes to the registry configuration immediately by clicking Reject.

    cp submit mr 5

    The system automatically creates a registry administrator in the openshift realm of the Keycloak service and assigns them the cp-registry-admin-<registry-name> role and the group /cp-registry-admin-<registry-name>, where <registry-name> is the name of the registry.

Confirming the changes in the Gerrit interface (alternative method)

An alternative method for confirming changes to the registry configuration is to perform the confirmation in the Gerrit interface. After making a change in the Control Plane (adding a new administrator, etc.), follow these steps:

  1. У розділі Запити на оновлення з’явиться новий запит. Натисніть іконку Переглянути в Gerrit.

  2. A new request will appear in the Update requests section. Click the View in Gerrit icon.

    user management 52

  3. Perform the quality gate checks. To do this, enter the created change and click REPLY.

    user management 53

  4. Click the following buttons to confirm:

    • +2 — for Code-Review;

    • +1 — for Verified.

    • SEND — to save.

    user management 54

  5. Click SUBMIT to merge the changes into the repository (git merge changes).

    user management 55

  6. In the pop-up window, click CONTINUE to confirm.

    0

  7. At the bottom of the Gerrit page, locate the CI Jenkins build information and follow the link.

    user management 57

  8. In the new window, click Back to Project on the left side (return to the project).

    user management 58

  9. Ensure the build was successful.

    user management 59

  10. After a successful execution of the Jenkins job, the system creates a new registry administrator.

    The system automatically creates a registry administrator in the openshift Keycloak service realm and assigns them the cp-registry-admin-<registry-name> role and the /cp-registry-admin-<registry-name> group, where <registry-name> is the name of the registry.

2. Creating a registry regulations administrator

Registry regulations administrators are service administrators responsible for deploying and maintaining regulations for the corresponding registries. Within the regulations, an administrator works with specific entities such as data models, business processes, UI data entry forms, analytical reports, extracts, and more.

It is necessary to manually create a registry regulations administrator and assign them roles. To do this, follow these steps:

  1. Log in to the Openshift console using the provided login and password.

    The login and password for access can be obtained from the technical support team.

  2. Go to Projects > user-management.

    cp platform admins 3

  3. Find the Networking section and follow the link to the keycloak service.

    cp platform admins 4

  4. Access the Keycloak Administration Console using the Keycloak secrets (username and password).

    cp platform admins 4 1

    cp platform admins 7

    The username and password can be obtained from the secrets for the Keycloak service.

    To do this, go to Workloads > Secrets > keycloak and copy the secrets.

    cp platform admins 5

    cp platform admins 6

  5. Log in to the -admin realm. This is where registry administrators are created and their roles (access rights) are defined.

    create registry regulations admin 1

  6. In the -admin realm, create a user and assign them the following roles:

    user management 43

    • gerrit-administrators — Gerrit administrators, this role is necessary for deploying regulations and approving changes (passing Quality Gates);

    • jenkins-administrators — Jenkins administrators, this role is necessary for running clean-up jobs, reviewing generated and added Jenkins pipelines, viewing logs, etc.;

    • camunda-admin — Camunda Cockpit administrators, this role is necessary for viewing available business processes, rules, tasks, etc.

  7. In addition to the role, assign a group to the user:

    user management 44

    • Go to the Groups > Available Groups tab.

    • Select the camunda-admin group.

    • Click join.

      As a result, the group should appear in the Group Membership list.

3. Related articles

After deploying the Platform in the target environment and before deploying any registry, it is necessary to first create the Platform administrator(s).

You can find out how to do this by following the link: