Commit c272589

Merge pull request #37577 from xenolinux/bug1971700
BZ1971700: Add a section to expose default registry
2 parents d138233 + d4ec745 commit c272589

2 files changed

+52
-0
lines changed

Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
[id="registry-exposing-default-registry-manually_{context}"]
2+
= Exposing a default registry manually
3+
4+
Instead of logging in to the default {product-title} registry from within the cluster, you can gain external access to it by exposing it with a route. This external access enables you to log in to the registry from outside the cluster using the route address and to tag and push images to an existing project by using the route host.
5+
6+
.Prerequisites:
7+
8+
* The following prerequisites are automatically performed:
9+
** Deploy the Registry Operator.
10+
** Deploy the Ingress Operator.
11+
12+
.Procedure
13+
14+
You can expose the route by using the `defaultRoute` parameter in the `configs.imageregistry.operator.openshift.io` resource.
15+
16+
To expose the registry using the `defaultRoute`:
17+
18+
. Set `defaultRoute` to `true`:
19+
+
20+
[source,terminal]
21+
----
22+
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
23+
----
24+
+
25+
. Get the default registry route:
26+
+
27+
[source,terminal]
28+
----
29+
$ HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
30+
----
31+
32+
. Get the certificate of the Ingress Operator:
33+
+
34+
[source,terminal]
35+
----
36+
$ oc get secret -n openshift-ingress router-certs-default -o go-template='{{index .data "tls.crt"}}' | base64 -d | sudo tee /etc/pki/ca-trust/source/anchors/${HOST}.crt > /dev/null
37+
----
38+
39+
. Enable the cluster's default certificate to trust the route using the following commands:
40+
+
41+
[source,terminal]
42+
----
43+
$ sudo update-ca-trust enable
44+
----
45+
46+
. Log in with podman using the default route:
47+
+
48+
[source,terminal]
49+
----
50+
$ sudo podman login -u kubeadmin -p $(oc whoami -t) $HOST
51+
----
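
Review bot: In the last step (line 50), `-p $(oc whoami -t)` places the session token on the podman command line, where other local users can read it from the process list while the command runs. Suggest feeding it on standard input and quoting the host, for example `oc whoami -t | sudo podman login -u kubeadmin --password-stdin "$HOST"`. Two further points in the same procedure: line 36 does more than "get" the certificate, since it writes the router certificate into `/etc/pki/ca-trust/source/anchors/` and so makes it a system-wide trust anchor on the client host, which the step text should state; and the wording on line 39, "Enable the cluster's default certificate to trust the route", has the direction reversed, because it is the local host that is being made to trust the cluster's default ingress certificate. Minor style: the list continuation `+` on line 24 follows a closed listing block and attaches nothing, and `.Prerequisites:` carries a trailing colon while `.Procedure` does not.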

registry/securing-exposing-registry.adoc

Lines changed: 1 addition & 0 deletions
@@ -10,4 +10,5 @@ so that it serves traffic through TLS. Unlike previous versions of
1010
{product-title}, the registry is not exposed outside of the cluster at the time
1111
of installation.
1212

13+
include::modules/registry-exposing-default-registry-manually.adoc[leveloffset=+1]
1314
include::modules/registry-exposing-secure-registry-manually.adoc[leveloffset=+1]
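
Review bot: The new `include::` on line 13 sits directly above the existing include on line 14 with no blank line between them, and the new module ends on its closing `----` delimiter (line 51) with nothing after it. Suggest separating the two include directives with an empty line so the end of the first module cannot run into the first line of the second when the assembly is rendered.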
