Azure Red Hat OpenShift — Internal Registry
I guess you have already started digging into Azure Red Hat OpenShift (ARO) and have run into some of its drawbacks and restrictions.
As ARO is a managed service, you, as a customer, are not assigned the full privileges of the “OpenShift-ClusterAdmin” role. Some of the access restrictions can prevent you from determining the Container Registry exposed Route.
The container registry is a private container image registry that runs inside OpenShift and is useful to store and control access to your built-in images.
You can access the container registry through a secure HTTPS endpoint, which allows operations such as push, pull and manage images. This endpoint is the Route to the Internal Container Registry.
From where can I get this Route?
As you have restricted access to the cluster, you will NOT be able to get the Route for your Registry using OC CLI “oc get routes -n default”.
To make your life easier, use the default format described below to gain access to the ARO Internal Registry and then manage your images.
Internal Registry Name format
The Registry in OpenShift is named using a specific format, as mentioned below:
<ARO_ID> is the ID of your Azure Red Hat OpenShift cluster,
<LOCATION> is where you deployed your Azure Red Hat OpenShift cluster.
Access the Internal Registry
Before you can push or pull images, you must log in to the cluster and then to the internal registry. You can do this either from the CLI or from the graphical user interface.
Let’s check both of them together!
Login to the GUI/Console of the Internal Registry
Using Single-SignOn, you can easily and securely access the “Internal Registry Console”.
Follow the HTTPS endpoint format mentioned here to gain access to the Console:
After logging in, you should be able to see the Azure Red Hat Registry Console.
Login to the Internal Registry (CLI)
For healthy geek users ;) use the CLI to log in to the OpenShift internal registry.
Let’s first log in to the ARO cluster (replace <TOKEN> with your own API token):
oc login https://openshift.<ARO_ID>.<LOCATION>.azmosa.io \
  --token=<TOKEN>
Once done, use the token to gain access to the ARO Internal Registry:
docker login docker-registry.apps.<ARO_ID>.<LOCATION>.azmosa.io \
  -u $(oc whoami) -p $(oc whoami -t)
Manage your Internal Registry
No rocket science here: you can manage, push and pull container images to and from the registry using the docker CLI. (Make sure the required Docker packages are installed first.)
Push Container Images to the registry
1. Tag the image
docker tag <SOURCE_IMAGE_NAME>:<TAG> docker-registry.apps.<ARO_ID>.<LOCATION>.azmosa.io/<NAMESPACE>/<DEST_IMAGE_NAME>:<TAG>
2. Push the tagged image
docker push docker-registry.apps.<ARO_ID>.<LOCATION>.azmosa.io/<NAMESPACE>/<DEST_IMAGE_NAME>:<TAG>
Make sure to update the IMAGE_NAME, TAG and NAMESPACE fields to reflect your needs. The reference you push must be exactly the one you tagged.
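The login, tag and push steps above as one script, added here as an example and not taken from the original post: it builds the registry host once, uses a single image reference for both docker tag and docker push, and passes the token on stdin (docker login --password-stdin) so it never shows up in the process arguments. The function names and the sample values (abc123, westeurope, myproject, myapp) are hypothetical.

```sh
#!/bin/sh
# Added example; helper names and sample values are hypothetical.
LC_ALL=C  # byte-wise character ranges in the patterns below

# Succeeds only for a plain DNS label (lowercase letters, digits, hyphens).
is_label() {
  case "$1" in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# aro_registry_host <ARO_ID> <LOCATION>
# Validating both parts keeps a stray value from pointing the login,
# and with it the token, at some other host.
aro_registry_host() {
  is_label "$1" && is_label "$2" || return 1
  printf 'docker-registry.apps.%s.%s.azmosa.io\n' "$1" "$2"
}

# aro_image_ref <HOST> <NAMESPACE> <IMAGE> <TAG>
# One reference for both `docker tag` and `docker push`.
# The image and tag checks are simplified versions of Docker's naming rules.
aro_image_ref() {
  is_label "$2" || return 1
  case "$3" in ''|*[!a-z0-9._-]*) return 1 ;; esac
  case "$4" in ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  printf '%s/%s/%s:%s\n' "$1" "$2" "$3" "$4"
}

# aro_push <SOURCE_IMAGE:TAG> <REF from aro_image_ref>
# Needs a prior `oc login`; the token is piped to docker on stdin.
aro_push() {
  oc whoami -t | docker login "${2%%/*}" -u "$(oc whoami)" --password-stdin || return 1
  docker tag "$1" "$2" && docker push "$2"
}

# Constructed values, for illustration only: print the reference to be pushed.
host=$(aro_registry_host abc123 westeurope) &&
  aro_image_ref "$host" myproject myapp 1.0
```

To push for real, call aro_push with your local image and the printed reference, after logging in to the cluster with oc.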
Do it differently
As you do not need the heavy Docker daemons anymore ;) I recommend doing the same steps with Skopeo. You’ll notice how easy it is.