Enable Public Registry on OKD4x

From Bitbull Wiki
Revision as of 11:48, 26 April 2021 by Chris (talk | contribs) (→‎Configure Insecure Registry if needed)

By default the registry is not exposed to public networks and is only available to cluster members.
You can expose it by creating a public route; just tell the operator to do so.

1 BACKUP

oc project openshift-image-registry
oc get configs.imageregistry.operator.openshift.io/cluster -o yaml > $HOME/backup_openshift-image-registry_configs.imageregistry.operator.openshift.io_cluster.yml

2 CONFIGURE OPERATOR

oc project openshift-image-registry
oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

3 DOCKER LOGIN

3.1 Configure Insecure Registry if needed

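# Hostname of the public route created by the operator
PUB_REG=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
# Note: this overwrites any existing /etc/docker/daemon.json
echo "{
  \"insecure-registries\" : [\"$PUB_REG\"]
}" > /etc/docker/daemon.json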

3.2 FETCH CA FOR LOGIN IF CERTS ARE SELF SIGNED

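export API=api.cluster.domain.com
# s_client continues even if certificate verification fails, so check the fetched certificates before trusting them
echo | openssl s_client -showcerts -connect "$API:6443" > "${API}_ca.pem"
echo | openssl s_client -showcerts -connect "$API:443" >> "${API}_ca.pem"
oc login -u admin --certificate-authority="${API}_ca.pem" "https://$API:6443"
oc login -u some-admin
# PUB_REG is set in 3.1; set it here as well in case that step was skipped
PUB_REG=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
# Log in to the registry with the current user's name and token
podman login -u "$(oc whoami)" -p "$(oc whoami -t)" --tls-verify=false "$PUB_REG"
docker login -u "$(oc whoami)" -p "$(oc whoami -t)" "$PUB_REG"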
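
An alternative to the insecure-registries entry and --tls-verify=false used above, as an added example that is not part of the original wiki page: extract the certificates from the s_client output and install them as the per-registry CA for docker or podman. The function names are hypothetical, and the fingerprint shown is assumed to be compared against a trusted source before confirming.

```shell
#!/bin/sh
# Added example; function names and the certs.d default are assumptions.

# Keep only the PEM certificate blocks from `openssl s_client -showcerts` output.
extract_pem_certs() {
  awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
       keep                           { print }
       /^-----END CERTIFICATE-----/   { keep = 0 }'
}

# Print the number of certificates in a PEM bundle file.
count_certs() {
  grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Install a PEM bundle as the CA for one registry host.
# $1 = registry host, $2 = PEM bundle, $3 = certs.d root
# (/etc/docker/certs.d for docker, /etc/containers/certs.d for podman)
install_registry_ca() {
  host=$1; bundle=$2; root=${3:-/etc/docker/certs.d}
  if [ "$(count_certs "$bundle")" -eq 0 ]; then
    echo "no certificates in $bundle, refusing to install" >&2
    return 1
  fi
  mkdir -p "$root/$host" &&
    cp "$bundle" "$root/$host/ca.crt" &&
    chmod 0644 "$root/$host/ca.crt"
}

# Fetch the chain the route presents, show the first certificate's fingerprint
# for comparison against a trusted source, and install only after confirmation.
trust_registry() {
  host=$1; root=${2:-/etc/docker/certs.d}
  bundle=$(mktemp) || return 1
  echo | openssl s_client -showcerts -servername "$host" -connect "$host:443" 2>/dev/null |
    extract_pem_certs > "$bundle"
  openssl x509 -in "$bundle" -noout -subject -fingerprint -sha256 || return 1
  printf 'Install these certificates for %s? [y/N] ' "$host"
  read -r answer
  [ "$answer" = y ] && install_registry_ca "$host" "$bundle" "$root"
}

# Usage: sh trust-registry.sh "$PUB_REG" [certs.d root]
if [ $# -ge 1 ]; then trust_registry "$@"; fi
```

With the CA installed this way, the registry does not need to be listed under insecure-registries, and podman login can run without --tls-verify=false.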