The OpenShift Container Platform provides an internal, integrated container image registry that can be deployed in your OpenShift Container Platform environment to locally manage images. This registry enables you to build container images from your source code, deploy them on the OpenShift platform and manage their lifecycle. During the initial cluster setup you’ll setup the internal registry. Complete setup guide is covered in the documentation, under Deploying a Registry on Existing Clusters section.

OpenShift Courses:

Practical OpenShift for Developers – New Course 2021

Ultimate Openshift (2021) Bootcamp by School of Devops

Configuring OpenShift internal image registry

On infrastructure platforms that do not provide shareable object storage, the OpenShift Image Registry Operator bootstraps itself as Removed. Since I’m running the cluster on bare metal servers I’ll change the Registry Operator configuration’s managementState from Removed to Managed.

$ oc edit configs.imageregistry/cluster
  managementState: Managed

You also need to set persistent volume claim for the internal registry. See below example.

      claim: ocs4registry

Confirm pvc is bound in the image registry namespace.

$ oc get pvc -n openshift-image-registry
NAME           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
ocs4registry   Bound    pvc-a07963ea-2b23-477f-936d-4f8f674de9a5   100Gi      RWX            cephfs         57d

Verify you do not have a registry Pod:

$ oc get pod -n openshift-image-registry
NAME                                               READY   STATUS      RESTARTS   AGE
cluster-image-registry-operator-674b759cfb-vvsmr   2/2     Running     0          41d
image-pruner-1600387200-5qzgn                      0/1     Completed   0          2d10h
image-pruner-1600473600-x8rd6                      0/1     Completed   0          34h
image-pruner-1600560000-ss6mn                      0/1     Completed   0          10h
image-registry-6f4b4db789-2wdmt                    1/1     Running     0          41d
node-ca-7pkp4                                      1/1     Running     0          53d
node-ca-f5pnq                                      1/1     Running     0          53d
node-ca-h5v2f                                      1/1     Running     0          53d
node-ca-ldgvv                                      1/1     Running     0          53d
node-ca-ldplz                                      1/1     Running     0          53d
node-ca-rl8xt                                      1/1     Running     0          53d
node-ca-s59td                                      1/1     Running     0          53d
node-ca-shk7l                                      1/1     Running     0          53d
node-ca-t7ghk                                      1/1     Running     0          53d
node-ca-vk9sl                                      1/1     Running     0          53d
node-ca-xjz45                                      1/1     Running     0          53d
node-ca-xr75h                                      1/1     Running     0          53d

Exposing OpenShift internal image registry externally

At the time of registry installation it is not exposed externally. This means the registry can only be used internally within the cluster. For external access we’ll need to expose the service using OpenShift route.

The route can be exposed by using DefaultRoute parameter in the resource or by using custom routes. You’ll run the following command to expose the route by modifying the DefaultRoute parameter.

oc patch --patch '{"spec":{"defaultRoute":true}}' --type=merge

Expected output: patched

Confirm a route was created.

$ oc get  route  -n openshift-image-registry
NAME            HOST/PORT                                                          PATH   SERVICES         PORT    TERMINATION   WILDCARD
default-route               image-registry   <all>   reencrypt     None

Login to OpenShift Registry with Docker | Podman

Login to your OpenShift Cluster with oc command line tool.

$ oc login https://api.<cluster>.<domain>:6443

Once you’re logged in get the registry route automatically using the following command.

HOST=$(oc get route default-route -n openshift-image-registry --template='{{ }}')

You can verify the value by using:

$ echo $HOST

You can then login to the registry we exposed using the following command:

$ podman login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $HOST 

Login with docker CLI:

$ docker login -u $(oc whoami) -p $(oc whoami -t) --tls-verify=false $HOST 

Pushing container images to OpenShift registry

To push container images to the registry you’ll first tag them. See below example.

$ docker pull busybox:latest
$ docker tag busybox:latest
$ docker push
$ oc get is busybox

Once you push the image into the registry, a OpenShift ImageStream will be created automatically. No further action is required.

Other OpenShift guides:

How To Allow Insecure Registries in OpenShift / OKD 4.x Cluster

Manage OpenShift / OKD Users with HTPasswd Identity Provider

How to run telnet / tcpdump in OpenShift v4 CoreOS Nodes

Your support is our everlasting motivation,
that cup of coffee is what keeps us going!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.


Please enter your comment!
Please enter your name here