The OpenShift Container Platform provides an internal, integrated container image registry that can be deployed in your OpenShift Container Platform environment to manage images locally. This registry enables you to build container images from your source code, deploy them on the OpenShift platform and manage their lifecycle. You set up the internal registry during the initial cluster setup. The complete setup guide is in the documentation, under the Deploying a Registry on Existing Clusters section.
Configuring OpenShift internal image registry
On infrastructure platforms that do not provide shareable object storage, the OpenShift Image Registry Operator bootstraps itself as Removed. Since I’m running the cluster on bare metal servers, I’ll change the Registry Operator configuration’s managementState from Removed to Managed.
$ oc edit configs.imageregistry/cluster
spec:
  managementState: Managed
You also need to set a persistent volume claim for the internal registry in the same resource. See the example below.
...
storage:
  pvc:
    claim: ocs4registry
Confirm the PVC is bound in the image registry namespace.
$ oc get pvc -n openshift-image-registry
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
ocs4registry Bound pvc-a07963ea-2b23-477f-936d-4f8f674de9a5 100Gi RWX cephfs 57d
Check for the registry Pod in the image registry namespace (in the output below, image-registry-6f4b4db789-2wdmt is Running):
$ oc get pod -n openshift-image-registry
NAME READY STATUS RESTARTS AGE
cluster-image-registry-operator-674b759cfb-vvsmr 2/2 Running 0 41d
image-pruner-1600387200-5qzgn 0/1 Completed 0 2d10h
image-pruner-1600473600-x8rd6 0/1 Completed 0 34h
image-pruner-1600560000-ss6mn 0/1 Completed 0 10h
image-registry-6f4b4db789-2wdmt 1/1 Running 0 41d
node-ca-7pkp4 1/1 Running 0 53d
node-ca-f5pnq 1/1 Running 0 53d
node-ca-h5v2f 1/1 Running 0 53d
node-ca-ldgvv 1/1 Running 0 53d
node-ca-ldplz 1/1 Running 0 53d
node-ca-rl8xt 1/1 Running 0 53d
node-ca-s59td 1/1 Running 0 53d
node-ca-shk7l 1/1 Running 0 53d
node-ca-t7ghk 1/1 Running 0 53d
node-ca-vk9sl 1/1 Running 0 53d
node-ca-xjz45 1/1 Running 0 53d
node-ca-xr75h 1/1 Running 0 53d
Exposing OpenShift internal image registry externally
At installation time the registry is not exposed externally, so it can only be used from inside the cluster. For external access we’ll need to expose the service using an OpenShift route.
The route can be exposed by using DefaultRoute parameter in the configs.imageregistry.operator.openshift.io resource or by using custom routes. You’ll run the following command to expose the route by modifying the DefaultRoute parameter.
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
Expected output:
config.imageregistry.operator.openshift.io/cluster patched
Confirm a route was created.
$ oc get route -n openshift-image-registry
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
default-route default-route-openshift-image-registry.apps.ocp.example.net image-registry <all> reencrypt None
Login to OpenShift Registry with Docker | Podman
Log in to your OpenShift cluster with the oc command line tool.
$ oc login https://api.<cluster>.<domain>:6443
Once you’re logged in, get the registry route automatically using the following command.
HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
You can verify the value by using:
$ echo $HOST
You can then log in to the registry we exposed using the following command. The --tls-verify=false option makes podman skip certificate verification for the route:
$ podman login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $HOST
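Log in with the docker CLI. docker login has no --tls-verify option; the Docker daemon has to trust the route's certificate (or list the registry under insecure-registries in its daemon configuration) instead:
$ docker login -u $(oc whoami) -p $(oc whoami -t) $HOST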
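An alternative to the login commands above that keeps TLS verification on and keeps the token out of the command line, as an added example that is not part of the original guide. It assumes the ingress certificate is stored in the secret router-certs-default in the openshift-ingress namespace; CERT_DIR and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumptions: the ingress certificate lives in secret router-certs-default
# (namespace openshift-ingress); CERT_DIR is a hypothetical local directory.
CERT_DIR="${CERT_DIR:-$HOME/.config/ocp-registry-certs}"

# Print the external registry hostname taken from the default route.
registry_host() {
  oc get route default-route -n openshift-image-registry \
    --template='{{ .spec.host }}'
}

# Save the ingress certificate chain so podman can verify the route.
fetch_ingress_cert() {
  mkdir -p "$CERT_DIR" || return 1
  oc get secret router-certs-default -n openshift-ingress \
    -o go-template='{{index .data "tls.crt"}}' \
    | base64 -d > "$CERT_DIR/ingress.crt" || return 1
  # Refuse to continue unless the result is a PEM certificate.
  grep -q 'BEGIN CERTIFICATE' "$CERT_DIR/ingress.crt"
}

# Log in with TLS verification left on. The token is passed on stdin,
# so it never shows up in the process list or shell history.
registry_login() {
  reg_host="$(registry_host)" || return 1
  if [ -z "$reg_host" ]; then
    echo "default-route has no host; is defaultRoute enabled?" >&2
    return 1
  fi
  if ! fetch_ingress_cert; then
    echo "could not fetch the ingress certificate" >&2
    return 1
  fi
  oc whoami -t | podman login -u "$(oc whoami)" --password-stdin \
    --cert-dir "$CERT_DIR" "$reg_host"
}

# Run the login only when the script is called as: ./registry-login.sh login
if [ "${1:-}" = "login" ]; then
  registry_login
fi
```

If the login fails with a certificate error, the cluster's ingress certificate is not the one in the assumed secret; point CERT_DIR at a directory holding the correct CA certificate instead of turning verification off.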
Pushing container images to OpenShift registry
To push container images to the registry, you first tag them with the registry hostname and target project. See the example below.
$ docker pull busybox:latest
$ docker tag busybox:latest registry.dev.example.com/testplatform/busybox:latest
$ docker push registry.dev.example.com/testplatform/busybox:latest
$ oc get is busybox
Once you push the image into the registry, an OpenShift ImageStream will be created automatically. No further action is required.