From the Infra Node, run the following commands.
This will create a accessable path for you to push image to internal image registry.
1 2 3 4
oc project openshift-image-registry oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{"spec":{"defaultRoute":true}}' ## we need this output when tag and push image CLUSTER_IMAGE_REGISTRY_ROUTE=$(oc get route)
Pull, Tag and Push Image
Here we use podman:
1 2 3 4 5 6 7 8 9 10 11 12 13
## pull original from other registry ## or use podman to load image archive podman login -u <user> -p <password> docker.io podman load -i <image>.tar.gz
podman pull <path>/<image>:<tag>
export PRIVATE_REGISTRY=${CLUSTER_IMAGE_REGISTRY_ROUTE}/<project> ## kubeadmin is the default cluster admin podman login -u kubeadmin -p $(oc whoami -t) $PRIVATE_REGISTRY --tls-verify=false
podman tag <path>/<image>:<tag> $PRIVATE_REGISTRY/<image>:<tag> podman push $PRIVATE_REGISTRY/<image>:<tag>
Create Role and Binding
You need to get authenicated when pull image from cluster image registry, here we create a dedicated service account under the target project, then grant privileges to this service account and specify it to yaml file.
apiVersion:v1 kind:Pod metadata: name:test-pod spec: ## specify the service accout serviceAccountName:<serviceaccountname> containers: -name:test-cotainer image:image-registry.openshift-image-registry.svc:5000/<project>/<image>:<tag> command: ['sh', '-c', 'tail -f /dev/null']
Note that the default cluster registry path is image-registry.openshift-image-registry.svc:5000, consist of <svc name>.<project>.svc:<port>. don’t use that route path.