Expose the OpenShift internal registry from the outside and log in with Docker/Podman CLI
To
You can download this article in PDF format via the link below to support us.
Download the guide in PDF format
turn off
To
To
To
OpenShift Container Platform provides an internally integrated container image registry, which can be deployed in your OpenShift container platform environment to manage images locally. Through this registry, you can build a container image from source code, deploy it on the OpenShift platform and manage its life cycle. During the initial cluster setup process, you will set up the internal registry. The complete installation guide is included in the ” Deploy the registry on an existing cluster section.
Configure OpenShift internal image registry
On infrastructure platforms that do not provide sharable object storage, the OpenShift Image Registry Operator will guide itself as Removed
. Since I am running the cluster on a bare metal server, I will change the registry operator configuration Management status From deleted to managed.
$ oc edit configs.imageregistry/cluster
spec:
managementState: Managed
You also need to set persistent bulk declarations for the internal registry. See the example below.
...
storage:
pvc:
claim: ocs4registry
Confirm that PVC has been bound in the image registry name space.
$ oc get pvc -n openshift-image-registry
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
ocs4registry Bound pvc-a07963ea-2b23-477f-936d-4f8f674de9a5 100Gi RWX cephfs 57d
Confirm that you do not have a registry pod:
$ oc get pod -n openshift-image-registry
NAME READY STATUS RESTARTS AGE
cluster-image-registry-operator-674b759cfb-vvsmr 2/2 Running 0 41d
image-pruner-1600387200-5qzgn 0/1 Completed 0 2d10h
image-pruner-1600473600-x8rd6 0/1 Completed 0 34h
image-pruner-1600560000-ss6mn 0/1 Completed 0 10h
image-registry-6f4b4db789-2wdmt 1/1 Running 0 41d
node-ca-7pkp4 1/1 Running 0 53d
node-ca-f5pnq 1/1 Running 0 53d
node-ca-h5v2f 1/1 Running 0 53d
node-ca-ldgvv 1/1 Running 0 53d
node-ca-ldplz 1/1 Running 0 53d
node-ca-rl8xt 1/1 Running 0 53d
node-ca-s59td 1/1 Running 0 53d
node-ca-shk7l 1/1 Running 0 53d
node-ca-t7ghk 1/1 Running 0 53d
node-ca-vk9sl 1/1 Running 0 53d
node-ca-xjz45 1/1 Running 0 53d
node-ca-xr75h 1/1 Running 0 53d
Expose the OpenShift internal image registry externally
When the registry is installed, it will not be exposed externally. This means that the registry can only be used inside the cluster. For external access, we need to use OpenShift routing to expose services.
You can expose routes by using the DefaultRoute parameter in the configs.imageregistry.operator.openshift.io resource or using custom routes. You will run the following command to expose the route by modifying the DefaultRoute parameter.
oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
Expected output:
config.imageregistry.operator.openshift.io/cluster patched
Confirm that the route has been created.
$ oc get route -n openshift-image-registry
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
default-route default-route-openshift-image-registry.apps.ocp.example.net image-registry reencrypt None
Log in to the OpenShift registry with Docker | Podman
Log in to your OpenShift cluster using OC Command line tool.
$ oc login https://api..:6443
After logging in, use the following command to automatically obtain the registry route.
HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
You can verify this value using the following methods:
$ echo $HOST
Then, you can log in to our public registry with the following command:
$ podman login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $HOST
Log in using Docker CLI:
$ docker login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $HOST
Push the container image to the OpenShift registry
To push the container image to the registry, first tag it. See the example below.
$ docker pull busybox:latest
$ docker tag busybox:latest registry.dev.example.com/testplatform/busybox:latest
$ docker push registry.dev.example.com/testplatform/busybox:latest
$ oc get is busybox
After pushing the image to the registry, an OpenShift ImageStream will be created automatically. No further action is required.
Other OpenShift guides:
How to allow insecure registry in OpenShift/OKD 4.x cluster
Use HTPasswd identity provider to manage OpenShift/OKD users
How to run telnet/tcpdump in OpenShift v4 CoreOS node
To
You can download this article in PDF format via the link below to support us.
Download the guide in PDF format
turn off
To
To
To