Enable Public Registry on OKD4x

From Bitbull Wiki

By default the registry is not exposed to public networks and is only available to cluster members.
You can expose it by creating a public route: just tell the operator to do so.

1 BACKUP

oc project openshift-image-registry
oc get configs.imageregistry.operator.openshift.io/cluster -o yaml > $HOME/backup_openshift-image-registry_configs.imageregistry.operator.openshift.io_cluster.yml

2 CONFIGURE OPERATOR

oc project openshift-image-registry
oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

3 DOCKER LOGIN

3.1 Configure Insecure Registry if needed

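# Look up the host name of the public route created by the operator
PUB_REG=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
# Docker skips certificate verification for registries listed here (and may fall back to plain HTTP).
# Note: the redirect below overwrites any existing /etc/docker/daemon.json.
echo "{
  \"insecure-registries\" : [\"$PUB_REG\"]
}" > /etc/docker/daemon.json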

3.2 FETCH CA FOR LOGIN IF CERTS ARE SELF SIGNED

export API=api.cluster.domain.com
# Save the certificate chains presented on ports 6443 and 443
echo | openssl s_client -showcerts -connect "$API:6443" > "${API}_ca.pem"
echo | openssl s_client -showcerts -connect "$API:443" >> "${API}_ca.pem"
oc login -u admin --certificate-authority="${API}_ca.pem" "https://$API:6443"
oc login -u some-admin
# PUB_REG is the route host looked up in 3.1; --tls-verify=false disables certificate checks for this login
podman login -u "$(oc whoami)" -p "$(oc whoami -t)" --tls-verify=false "$PUB_REG"
docker login -u "$(oc whoami)" -p "$(oc whoami -t)" "$PUB_REG"
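
An alternative to the insecure-registry setting in 3.1 and to --tls-verify=false, as an added example that is not part of the original wiki page: keep only the PEM blocks from saved `openssl s_client -showcerts` output (as in 3.2) and install them as the per-registry CA file that docker (/etc/docker/certs.d/HOST/ca.crt) and podman (/etc/containers/certs.d/HOST/ca.crt) read. The function names are hypothetical, and it assumes the saved chain contains the certificate you intend to trust.

```shell
#!/usr/bin/env bash
# Added example (function names are hypothetical, not from the wiki page).

# Keep only the PEM certificate blocks from `openssl s_client -showcerts`
# output on stdin; session text and subject/issuer lines are dropped.
pem_only() {
  awk '/^-----BEGIN CERTIFICATE-----$/ { inside = 1 }
       inside { print }
       /^-----END CERTIFICATE-----$/ { inside = 0 }'
}

# Print the number of certificates in a PEM file (0 if none).
pem_count() {
  grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true
}

# install_registry_ca HOST CHAINFILE [CERTS_ROOT]
# Writes the certificates from CHAINFILE to CERTS_ROOT/HOST/ca.crt.
# CERTS_ROOT defaults to /etc/docker/certs.d; pass /etc/containers/certs.d
# for podman. Run as root when writing under /etc.
install_registry_ca() {
  local host="$1" src="$2" root="${3:-/etc/docker/certs.d}" tmp rc
  # A route host is a DNS name, optionally with :port. Refuse anything that
  # could escape CERTS_ROOT (slashes, leading dot) or is empty.
  case "$host" in
    ''|.*|*[!A-Za-z0-9.:-]*) echo "bad registry host: $host" >&2; return 2 ;;
  esac
  tmp=$(mktemp) || return 1
  pem_only < "$src" > "$tmp"
  if [ "$(pem_count "$tmp")" -eq 0 ]; then
    echo "no certificate found in $src" >&2
    rm -f "$tmp"
    return 3
  fi
  mkdir -p "$root/$host" && install -m 0644 "$tmp" "$root/$host/ca.crt"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage with the names from this page (needs the cluster and root):
#   echo | openssl s_client -showcerts -connect "$PUB_REG:443" > route_chain.out
#   install_registry_ca "$PUB_REG" route_chain.out
#   docker login -u "$(oc whoami)" -p "$(oc whoami -t)" "$PUB_REG"
```

With the CA file in place, the registry no longer needs an entry in insecure-registries and the podman login can drop --tls-verify=false.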