OpenShift Use Image Registry Recipe

  1. Ensure you're logged in with oc
  2. By default, a registry does not have an external route; if this is required, the registry must be exposed:
    1. Follow the instructions to expose the registry for your cluster version.
    2. Then, allow a user to push to the registry
      oc policy add-role-to-user registry-editor $(oc whoami)
    3. Finally, allow a user to pull from the registry:
      oc policy add-role-to-user registry-viewer $(oc whoami)
  3. Get the registry route and save to a variable:
    REGISTRY=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
  4. Make sure it looks okay:
    echo ${REGISTRY}
  5. Log into the registry:
    podman login -u $(oc whoami) -p $(oc whoami -t) ${REGISTRY}
    • For self-signed certificates, add --tls-verify=false to podman login
  6. After you've built some local container, list that image:
    $ podman images
    REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
    <none>        <none>    0263a6f15fdf   2 minutes ago   771MB
  7. Tag the image for pushing to your registry (replace $IMAGEID, $PROJECT, and $IMAGE)
    podman tag $IMAGEID $REGISTRY/$PROJECT/$IMAGE
  8. Push the image to your registry:
    podman push $REGISTRY/$PROJECT/$IMAGE
  9. List the image stream within the cluster (an image stream is an indirect pointer to an image that allows updating the pointer without re-building):
    oc get imagestreams $IMAGE -n $PROJECT
  10. The image may now be referenced internally with image-registry.openshift-image-registry.svc:5000/$PROJECT/$IMAGE