openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

BZ1971700: Add a section to expose default registry

Browse Source 
Existing section only mentions how to get a certificate of custom routes,
added a section to get a certificate for default registry routes.
This commit is contained in:
Servesha Dudhgaonkar
2021-10-15 15:44:50 +05:30
committed by openshift-cherrypick-robot
parent 69ca740172
commit 13ad3fa5af
2 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
modules/registry-exposing-default-registry-manually.adoc Normal file
View File

@@ -0,0 +1,51 @@
[id="registry-exposing-default-registry-manually_{context}"]
= Exposing a default registry manually
Instead of logging in to the default {product-title} registry from within the cluster, you can gain external access to it by exposing it with a route. This external access enables you to log in to the registry from outside the cluster using the route address and to tag and push images to an existing project by using the route host.
.Prerequisites:
* The following prerequisites are automatically performed:
** Deploy the Registry Operator.
** Deploy the Ingress Operator.
.Procedure
You can expose the route by using the `defaultRoute` parameter in the `configs.imageregistry.operator.openshift.io` resource.
To expose the registry using the `defaultRoute`:
. Set `defaultRoute` to `true`:
+
[source,terminal]
----
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
----
+
. Get the default registry route:
+
[source,terminal]
----
$ HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
----
. Get the certificate of the Ingress Operator:
+
[source,terminal]
----
$ oc get secret -n openshift-ingress router-certs-default -o go-template='{{index .data "tls.crt"}}' | base64 -d | sudo tee /etc/pki/ca-trust/source/anchors/${HOST}.crt > /dev/null
----
. Enable the cluster's default certificate to trust the route using the following commands:
+
[source,terminal]
----
$ sudo update-ca-trust enable
----
. Log in with podman using the default route:
+
[source,terminal]
----
$ sudo podman login -u kubeadmin -p $(oc whoami -t) $HOST
----

1
registry/securing-exposing-registry.adoc
View File

@@ -10,4 +10,5 @@ so that it serves traffic through TLS. Unlike previous versions of
{product-title}, the registry is not exposed outside of the cluster at the time
of installation.
include::modules/registry-exposing-default-registry-manually.adoc[leveloffset=+1]
include::modules/registry-exposing-secure-registry-manually.adoc[leveloffset=+1]