Enable Public Registry on OKD4x
Revision as of 11:48, 26 April 2021 by Chris (talk | contribs) (→Configure Insecure Registry if needed)
By default registry is not open to public networks and only available for cluster members.
But you can open that by creating a public route, just tell the operator what to do.
Contents
1 BACKUP
oc project openshift-image-registry oc get configs.imageregistry.operator.openshift.io/cluster -o yaml > $HOME/backup_openshift-image-registry_configs.imageregistry.operator.openshift.io_cluster.yml
2 CONFIGURE OPERATOR
oc project openshift-image-registry oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
3 DOCKER LOGIN
3.1 Configure Insecure Registry if needed
PUB_REG=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}') echo "{ \"insecure-registries\" : [\"$PUB_REG\"] }" > /etc/docker/daemon.json
3.2 FETCH CA FOR LOGIN IF CERTS ARE SELF SIGNED
export API=api.cluster.domain.com echo | openssl s_client -showcerts -connect $API:6443 > ${API}_ca.pem echo | openssl s_client -showcerts -connect $API:443 >> ${API}_ca.pem oc login -u admin --certificate-authority=${API}_ca.pem https://$API:6443
oc login -u some-admin podman login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $PUB_REG docker login -u $(oc whoami) -p $(oc whoami -t) $PUB_REG