Wednesday, January 1, 2025

Expose OpenShift Internal Registry To External Users

The OpenShift Container Platform provides an internal, integrated container image registry that can be deployed in your OpenShift Container Platform environment to manage images locally. This registry enables you to build container images from your source code, deploy them on the OpenShift platform and manage their lifecycle. You set up the internal registry during the initial cluster setup. The complete setup guide is covered in the documentation, under the Deploying a Registry on Existing Clusters section.

Configuring OpenShift internal image registry

On infrastructure platforms that do not provide shareable object storage, the OpenShift Image Registry Operator bootstraps itself as Removed. Since I’m running the cluster on bare metal servers I’ll change the Registry Operator configuration’s managementState from Removed to Managed.

$ oc edit configs.imageregistry/cluster
spec:
  managementState: Managed

You also need to set a persistent volume claim for the internal registry. See the example below.

...
storage:
    pvc:
      claim: ocs4registry

Confirm the PVC is bound in the image registry namespace.

$ oc get pvc -n openshift-image-registry
NAME           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
ocs4registry   Bound    pvc-a07963ea-2b23-477f-936d-4f8f674de9a5   100Gi      RWX            cephfs         57d

Verify you do not have a registry Pod:

$ oc get pod -n openshift-image-registry
NAME                                               READY   STATUS      RESTARTS   AGE
cluster-image-registry-operator-674b759cfb-vvsmr   2/2     Running     0          41d
image-pruner-1600387200-5qzgn                      0/1     Completed   0          2d10h
image-pruner-1600473600-x8rd6                      0/1     Completed   0          34h
image-pruner-1600560000-ss6mn                      0/1     Completed   0          10h
image-registry-6f4b4db789-2wdmt                    1/1     Running     0          41d
node-ca-7pkp4                                      1/1     Running     0          53d
node-ca-f5pnq                                      1/1     Running     0          53d
node-ca-h5v2f                                      1/1     Running     0          53d
node-ca-ldgvv                                      1/1     Running     0          53d
node-ca-ldplz                                      1/1     Running     0          53d
node-ca-rl8xt                                      1/1     Running     0          53d
node-ca-s59td                                      1/1     Running     0          53d
node-ca-shk7l                                      1/1     Running     0          53d
node-ca-t7ghk                                      1/1     Running     0          53d
node-ca-vk9sl                                      1/1     Running     0          53d
node-ca-xjz45                                      1/1     Running     0          53d
node-ca-xr75h                                      1/1     Running     0          53d

Exposing OpenShift internal image registry externally

At installation time the registry is not exposed externally. This means the registry can only be used from within the cluster. For external access we’ll need to expose the service using an OpenShift route.

The route can be exposed by using the defaultRoute parameter in the configs.imageregistry.operator.openshift.io resource or by using custom routes. Run the following command to expose the route by setting the defaultRoute parameter.

oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

Expected output:

config.imageregistry.operator.openshift.io/cluster patched

Confirm a route was created.

$ oc get route -n openshift-image-registry
NAME            HOST/PORT                                                          PATH   SERVICES         PORT    TERMINATION   WILDCARD
default-route   default-route-openshift-image-registry.apps.ocp.example.net               image-registry   <all>   reencrypt     None

Login to OpenShift Registry with Docker | Podman

Log in to your OpenShift cluster with the oc command line tool.

$ oc login https://api.<cluster>.<domain>:6443

Once you’re logged in, get the registry route host with the following command.

HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')

You can verify the value by using:

$ echo $HOST

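You can then log in to the exposed registry with the following command. The --tls-verify=false option turns off certificate verification for this connection; it is only needed when the client does not trust the certificate served on the route: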

$ podman login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $HOST 

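Log in with the docker CLI. docker login has no --tls-verify option, so the Docker daemon itself must trust the certificate served on the route or have the registry listed under insecure-registries in its daemon.json:

$ docker login -u $(oc whoami) -p $(oc whoami -t) $HOST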
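
Trusting the route's certificate instead of disabling verification, as an added example that is not part of the original post: it installs the ingress certificate into the client's per-registry trust directory and passes the token on stdin rather than with -p. It assumes a Linux client with sudo and the default ingress certificate secret router-certs-default in openshift-ingress; the function names registry_ca_path, is_pem_cert and registry_login are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): keep TLS verification on.
# Assumption: the ingress certificate is in the default secret
# router-certs-default (namespace openshift-ingress); a custom default
# certificate lives in a differently named secret.

# Per-registry CA location read by the client ("podman" or "docker").
registry_ca_path() {
    case "$1" in
        podman) printf '/etc/containers/certs.d/%s/ca.crt\n' "$2" ;;
        docker) printf '/etc/docker/certs.d/%s/ca.crt\n' "$2" ;;
        *) echo "unsupported client: $1" >&2; return 1 ;;
    esac
}

# True only if the file is non-empty and carries PEM certificate markers,
# so an error message or empty output is never installed as a trust anchor.
is_pem_cert() {
    [ -s "$1" ] &&
        grep -q '^-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q '^-----END CERTIFICATE-----' "$1"
}

registry_login() {
    client=${1:-podman}
    host=$(oc get route default-route -n openshift-image-registry \
        --template='{{ .spec.host }}') || return 1
    dest=$(registry_ca_path "$client" "$host") || return 1
    tmp=$(mktemp) || return 1
    oc get secret router-certs-default -n openshift-ingress \
        -o go-template='{{index .data "tls.crt"}}' | base64 -d > "$tmp"
    if ! is_pem_cert "$tmp"; then
        echo "did not get a PEM certificate from the cluster" >&2
        rm -f "$tmp"
        return 1
    fi
    sudo install -D -m 0644 "$tmp" "$dest"
    rm -f "$tmp"
    # Token goes over stdin, not argv, so it stays out of ps output.
    oc whoami -t | "$client" login -u "$(oc whoami)" --password-stdin "$host"
}

# Run the login only when asked to: sh script.sh login [podman|docker]
if [ "${1:-}" = "login" ]; then
    registry_login "${2:-podman}"
fi
```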

Pushing container images to OpenShift registry

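To push container images to the registry you’ll first tag them. See the example below, where registry.dev.example.com stands for your registry hostname and testplatform is the project the image is pushed to.

$ docker pull busybox:latest
$ docker tag busybox:latest registry.dev.example.com/testplatform/busybox:latest
$ docker push registry.dev.example.com/testplatform/busybox:latest
$ oc get is busybox -n testplatform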

Once you push the image into the registry, an OpenShift ImageStream will be created automatically. No further action is required.
