Exposing the registry

    Instead of logging in to the default OpenShift image registry from within the cluster, you can gain external access to it by exposing it with a route. This external access enables you to log in to the registry from outside the cluster using the route address and to tag and push images to an existing project by using the route host.

    Prerequisites:

    • The following prerequisites are automatically performed:

      • Deploy the Registry Operator.

      • Deploy the Ingress Operator.

    • You have access to the cluster as a user with the role.

    Procedure

    You can expose the route by using the defaultRoute parameter in the configs.imageregistry.operator.openshift.io resource.

    To expose the registry using the defaultRoute:

    1. Get the default registry route:

    2. Get the certificate of the Ingress Operator:

        $ oc get secret -n openshift-ingress router-certs-default -o go-template='{{index .data "tls.crt"}}' | base64 -d | sudo tee /etc/pki/ca-trust/source/anchors/${HOST}.crt > /dev/null

    3. Enable the cluster’s default certificate to trust the route using the following commands:

    4. Log in with podman using the default route:

      Exposing a secure registry manually

      Instead of logging in to the OpenShift image registry from within the cluster, you can gain external access to it by exposing it with a route. This allows you to log in to the registry from outside the cluster using the route address, and to tag and push images to an existing project by using the route host.

      Prerequisites:

      • The following prerequisites are automatically performed:

        • Deploy the Registry Operator.

        • Deploy the Ingress Operator.

      Procedure

      You can expose the route by using the DefaultRoute parameter in the configs.imageregistry.operator.openshift.io resource or by using custom routes.

      To expose the registry using DefaultRoute:

      1. Set DefaultRoute to True:

          $ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

      2. Log in with podman:

          $ podman login -u kubeadmin -p $(oc whoami -t) --tls-verify=false $HOST
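
      The same DefaultRoute login with certificate verification left on, combined with the Ingress Operator certificate step from the first procedure. This is an added example, not taken from the OpenShift documentation; the route name default-route and the ANCHOR_DIR, SUDO and TRUST_REFRESH variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the OpenShift documentation.
# Assumptions: the Operator-created route is named "default-route"; the
# variables ANCHOR_DIR, SUDO and TRUST_REFRESH are hypothetical knobs.
ANCHOR_DIR=${ANCHOR_DIR:-/etc/pki/ca-trust/source/anchors}
SUDO=${SUDO-sudo}
TRUST_REFRESH=${TRUST_REFRESH-update-ca-trust}

# Print the external host name of the exposed registry.
registry_host() {
  oc get route default-route -n openshift-image-registry \
    --template='{{ .spec.host }}'
}

# Print the Ingress Operator certificate as PEM.
fetch_ingress_cert() {
  oc get secret -n openshift-ingress router-certs-default \
    -o go-template='{{index .data "tls.crt"}}' | base64 -d
}

# Install the certificate as a trust anchor named after the route host.
# Refuses an empty host or data that is not a PEM certificate.
install_anchor() {
  host=$1
  [ -n "$host" ] || { echo "empty route host; is defaultRoute set?" >&2; return 1; }
  pem=$(fetch_ingress_cert) || return 1
  case $pem in
    "-----BEGIN CERTIFICATE-----"*) ;;
    *) echo "secret did not decode to a PEM certificate" >&2; return 1 ;;
  esac
  printf '%s\n' "$pem" | $SUDO tee "$ANCHOR_DIR/$host.crt" >/dev/null || return 1
  $SUDO $TRUST_REFRESH
}

# Log in with TLS verification on; the token goes through stdin so it
# does not appear in the process list.
login_verified() {
  host=$(registry_host) || return 1
  install_anchor "$host" || return 1
  oc whoami -t | podman login -u kubeadmin --password-stdin "$host"
}

if [ "${1:-}" = "--run" ]; then login_verified; fi
```

      Run the script with --run on a host where oc is already logged in to the cluster.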

      To expose the registry using custom routes:

      1. Create a secret with your route’s TLS keys:

          $ oc create secret tls public-route-tls \
              -n openshift-image-registry \
              --cert=</path/to/tls.crt> \
              --key=</path/to/tls.key>

        This step is optional. If you do not create a secret, the route uses the default TLS configuration from the Ingress Operator.

      2. On the Registry Operator: