Container: Developing an Application - Interacting With the OpenShift Registry


OpenShift Container Platform can build container images from your source code, deploy them, and manage their lifecycle. The OpenShift Container Platform provides an internal, integrated Docker registry that we have deployed in our OpenShift Container Platform environment to locally manage images. Basic instructions from the OpenShift documentation can be found here.


Connecting To The Registry

The OpenShift Registry is secured via TLS so there are a few things you need to do before you can connect and push or pull images.

  1. Log In To OpenShift With OpenShift CLI

oc login --token=<hidden>

  1. Request ca.crt

A ca.crt is required to connect to our OpenShift Registry. You can request the ca.crt by emailing

The ca is commonly found at /etc/origin/master/ca.crt on the OpenShift master server(s).

  1. For accessing the registry for the on-premise cluster, you will need to request and install a ca.crt.  You can request the ca.crt by emailing, or by creating a ServiceNow ticket assigned to the 'Container Service' group. You can install the ca using the following instructions
  • Linux

cp ca.crt /etc/pki/ca-trust/source/anchors
sudo update-ca-trust enable

Note: A restart may be needed after this

  • Mac

sudo security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain ca.crt
<restart Docker>

More options and details here. 

Pushing And Pulling Images

  • Log In To The Docker Registry

docker login -u <username> -p $(oc whoami -t)

  • Pushing An Image

docker push<your_project_name>/<image_name>

  • Pulling An Image From The OpenShift Namespace

docker pull<image_name>

  • Pulling An Image From Your Project

docker pull<your_project_name>/<image_name>

Last Updated: 
Monday, September 10, 2018