Expose OpenShift Internal Registry To External Users

ComputingPost
Oct 8, 2022

The OpenShift Container Platform provides an internal, integrated container image registry that can be deployed in your OpenShift Container Platform environment to manage images locally. This registry enables you to build container images from your source code, deploy them on the OpenShift platform and manage their lifecycle. The internal registry is set up during the initial cluster setup. The complete setup guide is covered in the documentation, under the Deploying a Registry on Existing Clusters section.

Configuring OpenShift internal image registry

On infrastructure platforms that do not provide shareable object storage, the OpenShift Image Registry Operator bootstraps itself as Removed. Since I’m running the cluster on bare metal servers I’ll change the Registry Operator configuration’s managementState from Removed to Managed.

$ oc edit configs.imageregistry/cluster

spec:
  managementState: Managed

You also need to set a persistent volume claim for the internal registry. See the example below.

...
  storage:
    pvc:
      claim: ocs4registry

Confirm the PVC is bound in the image registry namespace.

$ oc get pvc -n openshift-image-registry

NAME           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
ocs4registry   Bound    pvc-a07963ea-2b23-477f-936d-4f8f674de9a5   100Gi      RWX            cephfs         57d

Verify you do not have a registry Pod:

$ oc get pod -n openshift-image-registry

NAME                                               READY   STATUS      RESTARTS   AGE
cluster-image-registry-operator-674b759cfb-vvsmr   2/2     Running     0          41d
image-pruner-1600387200-5qzgn                      0/1     Completed   0          2d10h
image-pruner-1600473600-x8rd6                      0/1     Completed   0          34h
image-pruner-1600560000-ss6mn                      0/1     Completed   0          10h
image-registry-6f4b4db789-2wdmt                    1/1     Running     0          41d
node-ca-7pkp4                                      1/1     Running     0          53d
node-ca-f5pnq                                      1/1     Running     0          53d
node-ca-h5v2f                                      1/1     Running     0          53d
node-ca-ldgvv                                      1/1     Running     0          53d
node-ca-ldplz                                      1/1     Running     0          53d
node-ca-rl8xt                                      1/1     Running     0          53d
node-ca-s59td                                      1/1     Running     0          53d
node-ca-shk7l                                      1/1     Running     0          53d
node-ca-t7ghk                                      1/1     Running     0          53d
node-ca-vk9sl                                      1/1     Running     0          53d
node-ca-xjz45                                      1/1     Running     0          53d
node-ca-xr75h                                      1/1     Running     0          53d

Exposing OpenShift internal image registry externally

At the time of registry installation it is not exposed externally. This means the registry can only be used internally within the cluster. For external access we’ll need to expose the service using an OpenShift route.

The route can be exposed by using DefaultRoute parameter in the configs.imageregistry.operator.openshift.io resource or by using custom routes. You’ll run the following command to expose the route by modifying the DefaultRoute parameter.

$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

Expected output:

config.imageregistry.operator.openshift.io/cluster patched

Confirm a route was created.

$ oc get route -n openshift-image-registry

NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD

default-route default-route-openshift-image-registry.apps.ocp.example.net image-registry reencrypt None
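A check over the JSON form of the two objects used above, as an added example that is not part of the original post: it reads the output of oc get configs.imageregistry/cluster -o json and oc get route default-route -n openshift-image-registry -o json and reports whether the registry is managed, backed by a PVC, exposed, and served only over re-encrypted TLS. The function name audit_registry and both sample documents are constructed for illustration.

```python
import json

# Constructed samples, shaped like `oc get ... -o json` output (trimmed).
SAMPLE_CONFIG = json.loads("""
{"spec": {"managementState": "Managed",
          "storage": {"pvc": {"claim": "ocs4registry"}},
          "defaultRoute": true}}
""")
SAMPLE_ROUTE = json.loads("""
{"spec": {"host": "default-route-openshift-image-registry.apps.ocp.example.net",
          "tls": {"termination": "reencrypt"}}}
""")


def audit_registry(config, route=None):
    """Return (level, message) findings for the registry config and its route."""
    findings = []
    spec = config.get("spec") or {}
    state = spec.get("managementState")
    if state != "Managed":
        findings.append(("error", f"managementState is {state!r}, not 'Managed'"))
    # Assumes the PVC-backed setup from this page; other storage kinds are not checked.
    claim = ((spec.get("storage") or {}).get("pvc") or {}).get("claim")
    if not claim:
        findings.append(("warn", "no PVC claim set under spec.storage.pvc"))
    if not spec.get("defaultRoute"):
        findings.append(("info", "defaultRoute is off: registry is cluster-internal"))
        return findings
    if route is None:
        findings.append(("warn", "defaultRoute is on but no route object was supplied"))
        return findings

    rspec = route.get("spec") or {}
    tls = rspec.get("tls") or {}
    findings.append(("info", f"registry is reachable externally at {rspec.get('host')}"))
    if not tls:
        findings.append(("error", "route has no TLS: login tokens would travel in cleartext"))
    elif tls.get("insecureEdgeTerminationPolicy") == "Allow":
        findings.append(("warn", "route also serves plain HTTP (insecureEdgeTerminationPolicy: Allow)"))
    elif tls.get("termination") != "reencrypt":
        findings.append(("warn", f"TLS termination is {tls.get('termination')!r}, expected 'reencrypt'"))
    return findings


if __name__ == "__main__":
    for level, message in audit_registry(SAMPLE_CONFIG, SAMPLE_ROUTE):
        print(f"{level:5} {message}")
```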

Login to OpenShift Registry with Docker | Podman

Log in to your OpenShift cluster with the oc command line tool.

$ oc login https://api..:6443

Once you’re logged in, get the registry route automatically using the following command.

$ HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')

You can verify the value by using:

$ echo $HOST

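You can then log in to the registry we exposed using the following command. The --tls-verify=false option makes podman skip validation of the certificate presented by the route: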

$ podman login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $HOST

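Log in with the docker CLI. docker login has no --tls-verify option; whether the registry certificate is trusted is decided by the Docker daemon configuration, not by a login flag:

$ docker login -u $(oc whoami) -p $(oc whoami -t) $HOST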

Pushing container images to OpenShift registry

To push container images to the registry you’ll first tag them. See the example below.

$ docker pull busybox:latest

$ docker tag busybox:latest registry.dev.example.com/testplatform/busybox:latest

$ docker push registry.dev.example.com/testplatform/busybox:latest

$ oc get is busybox

Once you push the image into the registry, an OpenShift ImageStream will be created automatically. No further action is required.
