OpenShift 4 Internal Registry Access for a Specified Namespace

About this Tutorial

When working with OpenShift’s internal registry in a large organization (especially in an air-gapped environment), it is important to keep the generally available container images consistent.
We also want to avoid multiple copies of the same image in our registry. For that we can create a namespace (we will call it “public”) and add permissions that make it available to all authenticated users in our cluster.

What do we need?

  • oc as our command-line tool
  • An OpenShift 4 cluster

Getting Started

The following task can only be performed as a cluster admin.

We will create a namespace named “public”.

Now all we need to do is give all authenticated users permission to pull images from the public namespace (or registry directory in this case).

So we will run the oc adm command as follows:

Let’s get the route of our internal registry:

Now let’s set it up as a variable:

Push Image

As a cluster admin (or a namespace admin) you can push images to your public directory. Let’s push one so other users can use it.
In my example I will use the ubi-minimal image:

Tag the image for the internal registry:

And push the image:

Pull as Normal User

Now we can log in to OpenShift as a normal user.

Once the oc login is successful, we can use it (and the token) to log in to the registry with podman:

The “tls-verify” option is there in case we haven’t updated our workstation with the CA for the wildcard certificate.

For the last action, all we need to do is pull the image:

That is it!
You are all done …
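
The steps above, collected into one script as an added example; these are not the author's original commands. It assumes the registry is exposed through the route `default-route` in `openshift-image-registry`, that ubi-minimal is pulled from `registry.access.redhat.com/ubi8/ubi-minimal`, and it uses the placeholder host `registry.example.invalid` when only printing the plan.

```shell
#!/bin/sh
# Added example: the tutorial's steps as one script (not the author's commands).
# DRY_RUN=1 (default) only prints each command, so the plan can be reviewed
# offline; set DRY_RUN=0 on a workstation where oc and podman are installed.
NS="${NS:-public}"                  # shared namespace from the tutorial
SRC="${SRC:-registry.access.redhat.com/ubi8/ubi-minimal}"  # assumed source image
TLS_VERIFY="${TLS_VERIFY:-true}"    # false only while the route CA is not trusted
DRY_RUN="${DRY_RUN:-1}"

run() {  # print the command; execute it only when DRY_RUN=0
  printf '+ %s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

registry_host() {  # host of the registry's default route (assumes it is exposed)
  if [ "$DRY_RUN" = "1" ]; then echo "registry.example.invalid"; return 0; fi
  oc get route default-route -n openshift-image-registry -o jsonpath='{.spec.host}'
}

registry_login() {  # $1 = registry host; the token goes over stdin, not argv
  printf '+ oc whoami -t | podman login -u <user> --password-stdin --tls-verify=%s %s\n' "$TLS_VERIFY" "$1"
  [ "$DRY_RUN" = "1" ] && return 0
  oc whoami -t | podman login -u "$(oc whoami)" --password-stdin "--tls-verify=$TLS_VERIFY" "$1"
}

admin_setup() {  # as cluster admin: create the namespace, grant pull-only access
  run oc create namespace "$NS"
  # system:image-puller is bound in $NS only: users can pull there, not push
  run oc adm policy add-role-to-group system:image-puller system:authenticated -n "$NS"
}

admin_push() {  # $1 = registry host; as cluster admin or namespace admin
  registry_login "$1"
  run podman pull "$SRC"
  run podman tag "$SRC" "$1/$NS/ubi-minimal:latest"
  run podman push "--tls-verify=$TLS_VERIFY" "$1/$NS/ubi-minimal:latest"
}

user_pull() {  # $1 = registry host; as a normal user after `oc login`
  registry_login "$1"
  run podman pull "--tls-verify=$TLS_VERIFY" "$1/$NS/ubi-minimal:latest"
}

# DRY_RUN=0 with "admin" or "user" executes that half; anything else prints the plan.
case "${1:-plan}" in
  admin) admin_setup; admin_push "$(registry_host)" ;;
  user)  user_pull "$(registry_host)" ;;
  *)     DRY_RUN=1; admin_setup; admin_push "$(registry_host)"; user_pull "$(registry_host)" ;;
esac
```

Keep `TLS_VERIFY=true` once the wildcard certificate's CA is installed on the workstation, and confirm the grant afterwards with `oc get rolebinding -n public`.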

Open Source contributor for the past 15 years