Enable Public Registry on OKD4x
Jump to navigation
Jump to search
By default registry is not open to public networks and only available for cluster members.
But you can open that by creating a public route, just tell the operator what to do.
Contents
1 BACKUP
oc project openshift-image-registry oc get configs.imageregistry.operator.openshift.io/cluster -o yaml > $HOME/backup_openshift-image-registry_configs.imageregistry.operator.openshift.io_cluster.yml
2 CONFIGURE OPERATOR
oc project openshift-image-registry oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
3 DOCKER LOGIN
3.1 Configure Insecure Registry if needed
PUB_REG=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}') echo "{ \"insecure-registries\" : [\"$PUB_REG\"] }" > /etc/docker/daemon.json
3.2 FETCH CA FOR LOGIN IF CERTS ARE SELF SIGNED
export API=api.cluster.domain.com echo | openssl s_client -showcerts -connect $API:6443 > ${API}_ca.pem echo | openssl s_client -showcerts -connect $API:443 >> ${API}_ca.pem oc login -u admin --certificate-authority=${API}_ca.pem https://$API:6443
oc login -u some-admin podman login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $PUB_REG docker login -u $(oc whoami) -p $(oc whoami -t) $PUB_REG