openshift-docs/modules/developer-cli-odo-pushing-the-odo-init-image-to-an-internal-registry-directly.adoc

// Module included in the following assemblies:
//
// cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/pushing-the-odo-init-image-to-the-restricted-cluster-registry.adoc

:_mod-docs-content-type: PROCEDURE
[id="pushing-the-odo-init-image-to-an-internal-registry-directly_{context}"]
= Pushing the `odo` init image to an {product-registry} directly

If your cluster allows images to be pushed to the {product-registry} directly, push the `odo` init image to the registry as follows:

[id="pushing-the-init-image-directly-on-linux_{context}"]

== Pushing the init image directly on Linux

.Procedure

. Enable the default route:
+
[source,terminal]
----
$ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry
----

. Get a wildcard route CA:
+
[source,terminal]
----
$ oc get secret router-certs-default -n openshift-ingress -o yaml
----
+
.Example output
[source,terminal]
----
apiVersion: v1
data:
  tls.crt: **************************
  tls.key: ##################
kind: Secret
metadata:
  [...]
type: kubernetes.io/tls
----

. Use `base64` to encode the root certification authority (CA) content of your mirror registry:
+
[source,terminal]
----
$ echo <tls.crt> | base64 --decode > ca.crt
----

. Trust a CA in your client platform:
+
[source,terminal]
----
$ sudo cp ca.crt  /etc/pki/ca-trust/source/anchors/externalroute.crt && sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart docker
----

. Log in to the {product-registry}:
+
[source,terminal]
----
$ oc get route -n openshift-image-registry
----
+
.Example output
[source,terminal]
----
NAME       HOST/PORT    PATH   SERVICES     PORT  TERMINATION   WILDCARD
default-route   <registry_path>          image-registry   <all>   reencrypt     None
----
+
[source,terminal]
----
$ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
----

. Push the `odo` init image:
+
[source,terminal]
----
$ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
----
+
[source,terminal]
----
$ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
----
+
[source,terminal]
----
$ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
----

. Override the default `odo` init image path by setting the `ODO_BOOTSTRAPPER_IMAGE` environment variable:
+
[source,terminal]
----
$ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1
----

[id="pushing-the-init-image-directly-on-macos_{context}"]

== Pushing the init image directly on MacOS

.Procedure

. Enable the default route:
+
[source,terminal]
----
$ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry
----

. Get a wildcard route CA:
+
[source,terminal]
----
$ oc get secret router-certs-default -n openshift-ingress -o yaml
----
+
.Example output
[source,terminal,subs="attributes+"]
----
apiVersion: v1
data:
  tls.crt: **************************
  tls.key: ##################
kind: Secret
metadata:
  [...]
type: kubernetes.io/tls
----

. Use `base64` to encode the root certification authority (CA) content of your mirror registry:
+
[source,terminal]
----
$ echo <tls.crt> | base64 --decode > ca.crt
----

. Trust a CA in your client platform:
+
[source,terminal]
----
$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
----

. Log in to the {product-registry}:
+
[source,terminal]
----
$ oc get route -n openshift-image-registry
-----
+
.Example output
[source,terminal]
----
NAME       HOST/PORT    PATH   SERVICES     PORT  TERMINATION   WILDCARD
default-route   <registry_path>          image-registry   <all>   reencrypt     None
----
+
[source,terminal]
----
$ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
----

. Push the `odo` init image:
+
[source,terminal]
----
$ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
----
+
[source,terminal]
----
$ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
----
+
[source,terminal]
----
$ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
----

. Override the default `odo` init image path by setting the `ODO_BOOTSTRAPPER_IMAGE` environment variable:
+
[source,terminal]
----
$ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1
----


[id="pushing-the-init-image-directly-on-windows_{context}"]

== Pushing the init image directly on Windows

.Procedure

. Enable the default route:
+
[source,terminal,subs="attributes+"]
----
PS C:\> oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry
----

. Get a wildcard route CA:
+
[source,terminal,subs="attributes+"]
----
PS C:\> oc get secret router-certs-default -n openshift-ingress -o yaml
----
+
.Example output
[source,terminal,subs="attributes+"]
----
apiVersion: v1
data:
  tls.crt: **************************
  tls.key: ##################
kind: Secret
metadata:
  [...]
type: kubernetes.io/tls
----

. Use `base64` to encode the root certification authority (CA) content of your mirror registry:
+
[source,terminal,subs="attributes+"]
----
PS C:\> echo <tls.crt> | base64 --decode > ca.crt
----

. As an administrator, trust a CA in your client platform by executing the following command:
+
[source,terminal,subs="attributes+"]
----
PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" ca.crt
----

. Log in to the {product-registry}:
+
[source,terminal,subs="attributes+"]
----
PS C:\> oc get route -n openshift-image-registry
----
+
.Example output
[source,terminal,subs="attributes+"]
----
NAME       HOST/PORT    PATH   SERVICES     PORT  TERMINATION   WILDCARD
default-route   <registry_path>          image-registry   <all>   reencrypt     None
----
+
[source,terminal,subs="attributes+"]
----
PS C:\> docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
----

. Push the `odo` init image:
+
[source,terminal,subs="attributes+"]
----
PS C:\> docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag>
----
+
[source,terminal,subs="attributes+"]
----
PS C:\> docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
----
+
[source,terminal,subs="attributes+"]
----
PS C:\> docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
----

. Override the default `odo` init image path by setting the `ODO_BOOTSTRAPPER_IMAGE` environment variable:
+
[source,terminal,subs="attributes+"]
----
PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<registry_path>/openshiftdo/odo-init-image-rhel7:<tag>"
----