The OpenShift Container Platform provides an internal, integrated container image registry that can be deployed in your OpenShift Container Platform environment to manage images locally. This registry lets you build container images from your source code, deploy them on the OpenShift platform and manage their lifecycle. You'll set up the internal registry during the initial cluster setup. The complete setup guide is in the documentation, under the Deploying a Registry on Existing Clusters section.
Configuring OpenShift internal image registry
On infrastructure platforms that do not provide shareable object storage, the OpenShift Image Registry Operator bootstraps itself as Removed. Since I'm running the cluster on bare-metal servers, I'll change the Registry Operator configuration's managementState from Removed to Managed.
$ oc edit configs.imageregistry/cluster
spec:
  managementState: Managed
You also need to set a persistent volume claim for the internal registry. See the example below.
...
storage:
  pvc:
    claim: ocs4registry
Confirm the PVC is bound in the image registry namespace.
$ oc get pvc -n openshift-image-registry
NAME           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
ocs4registry   Bound    pvc-a07963ea-2b23-477f-936d-4f8f674de9a5   100Gi      RWX            cephfs         57d
Verify you do not have a registry Pod:
$ oc get pod -n openshift-image-registry
NAME                                               READY   STATUS      RESTARTS   AGE
cluster-image-registry-operator-674b759cfb-vvsmr   2/2     Running     0          41d
image-pruner-1600387200-5qzgn                      0/1     Completed   0          2d10h
image-pruner-1600473600-x8rd6                      0/1     Completed   0          34h
image-pruner-1600560000-ss6mn                      0/1     Completed   0          10h
image-registry-6f4b4db789-2wdmt                    1/1     Running     0          41d
node-ca-7pkp4                                      1/1     Running     0          53d
node-ca-f5pnq                                      1/1     Running     0          53d
node-ca-h5v2f                                      1/1     Running     0          53d
node-ca-ldgvv                                      1/1     Running     0          53d
node-ca-ldplz                                      1/1     Running     0          53d
node-ca-rl8xt                                      1/1     Running     0          53d
node-ca-s59td                                      1/1     Running     0          53d
node-ca-shk7l                                      1/1     Running     0          53d
node-ca-t7ghk                                      1/1     Running     0          53d
node-ca-vk9sl                                      1/1     Running     0          53d
node-ca-xjz45                                      1/1     Running     0          53d
node-ca-xr75h                                      1/1     Running     0          53d
Exposing OpenShift internal image registry externally
When the registry is installed it is not exposed externally, so it can only be used from inside the cluster. For external access we'll need to expose the service using an OpenShift route.
The route can be exposed by using the DefaultRoute parameter in the configs.imageregistry.operator.openshift.io resource or by using custom routes. Run the following command to expose the route by modifying the DefaultRoute parameter.
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
Confirm a route was created.
$ oc get route -n openshift-image-registry
NAME            HOST/PORT                                                     PATH   SERVICES         PORT   TERMINATION   WILDCARD
default-route   default-route-openshift-image-registry.apps.ocp.example.net          image-registry
Login to OpenShift Registry with Docker | Podman
Log in to your OpenShift cluster with the oc command-line tool.
$ oc login https://api.
Once you're logged in, get the registry route automatically using the following command.
$ HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
You can verify the value by using:
$ echo $HOST
You can then log in to the registry we exposed using the following command:
$ podman login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $HOST
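Log in with the docker CLI. docker login has no --tls-verify option; the Docker daemon decides whether to trust the registry, so either place the registry's CA certificate at /etc/docker/certs.d/<registry host>/ca.crt or list the host under insecure-registries in the daemon configuration:
$ docker login -u $(oc whoami) -p $(oc whoami -t) $HOST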
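A hardened variant of the podman login step above, as an added example that is not part of the original post: it fetches the ingress CA so podman can verify the route's certificate instead of using --tls-verify=false, and it passes the token on stdin rather than with -p. It assumes the route is served by the default operator-generated ingress certificate (secret router-ca in namespace openshift-ingress-operator); CERT_DIR and the function names are hypothetical.

```shell
# Added example: registry login with certificate verification left on.
# Assumption (not from the page): the route uses the default ingress
# certificate, signed by the operator-generated CA stored in secret
# "router-ca" in namespace openshift-ingress-operator.
# CERT_DIR and the function names are hypothetical.
CERT_DIR="${CERT_DIR:-$HOME/.config/registry-certs}"

# Print the hostname of the registry route; fail if it is missing.
registry_host() {
  local host
  host=$(oc get route default-route -n openshift-image-registry \
    --template='{{ .spec.host }}') || return 1
  [ -n "$host" ] || return 1
  printf '%s\n' "$host"
}

# Store the ingress CA as a PEM file podman can use to verify the route.
fetch_ingress_ca() {
  local pem
  mkdir -p "$CERT_DIR" || return 1
  pem=$(oc get secret router-ca -n openshift-ingress-operator \
    -o jsonpath='{.data.tls\.crt}' | base64 -d) || return 1
  case "$pem" in
    *"BEGIN CERTIFICATE"*) printf '%s\n' "$pem" > "$CERT_DIR/ingress-ca.crt" ;;
    *) echo "router-ca did not contain a PEM certificate" >&2; return 1 ;;
  esac
}

# Log in with the token read from stdin, so it does not appear in the
# process argument list, and verify TLS against the fetched CA.
registry_login() {
  local host user
  host=$(registry_host) || { echo "registry route not found" >&2; return 1; }
  user=$(oc whoami) || return 1
  fetch_ingress_ca || return 1
  oc whoami -t | podman login -u "$user" --password-stdin \
    --tls-verify=true --cert-dir "$CERT_DIR" "$host"
}

# Usage: source this file after `oc login`, then run: registry_login
```

If the cluster uses a custom ingress certificate, skip fetch_ingress_ca and point --cert-dir at the CA that issued it.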
Pushing container images to OpenShift registry
To push container images to the registry you'll first tag them. See the example below.
$ docker pull busybox:latest
$ docker tag busybox:latest registry.dev.example.com/testplatform/busybox:latest
$ docker push registry.dev.example.com/testplatform/busybox:latest
$ oc get is busybox
Once you push the image into the registry, an OpenShift ImageStream will be created automatically. No further action is required.