openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/registry-exposing-default-registry-manually.adoc
dfitzmau 99e618abf9 OSDOCS-16868: CQA 2.0 for REG-3
2025-11-20 11:51:46 +00:00

58 lines
2.1 KiB
Plaintext
Raw Permalink Blame History

:_mod-docs-content-type: PROCEDURE
[id="registry-exposing-default-registry-manually_{context}"]
= Exposing a default registry manually
[role="_abstract"]
Instead of logging in to the default {product-registry} from within the cluster, you can gain external access to the {product-registry} by exposing the registry with a route. With this external access, you can log in to the registry from outside the cluster by using the route address. You can then tag and push images to an existing project by using the route host.
.Prerequisites
* The following prerequisites are automatically performed:
** Deploy the Registry Operator.
** Deploy the Ingress Operator.
* You have access to the cluster as a user with the `cluster-admin` role.
.Procedure
. To expose the registry by using the `defaultRoute` parameter that exists in the `configs.imageregistry.operator.openshift.io` resource, set defaultRoute` to `true` by running the following command:
+
[source,terminal]
----
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
----
. Get the default registry route by running the following command:
+
[source,terminal]
----
$ HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
----
. Get the certificate of the Ingress Operator by running the following command:
+
[source,terminal]
----
$ oc extract secret/$(oc get ingresscontroller -n openshift-ingress-operator default -o json | jq '.spec.defaultCertificate.name // "router-certs-default"' -r) -n openshift-ingress --confirm
----
. Move the extracted certificate to the trusted CA directory of the system by running the following command:
+
[source,terminal]
----
$ sudo mv tls.crt /etc/pki/ca-trust/source/anchors/
----
. Enable the default certificate of the cluster to trust the route by running the following command:
+
[source,terminal]
----
$ sudo update-ca-trust enable
----
. Log in with podman with the default route by running the following command:
+
[source,terminal]
----
$ sudo podman login -u kubeadmin -p $(oc whoami -t) $HOST
----
View Git Blame Copy Permalink