OpenShift Container Platform can build container images from your source code, deploy them, and manage their lifecycle. The OpenShift Container Platform provides an internal, integrated Docker registry that we have deployed in our OpenShift Container Platform environment to locally manage images. Basic instructions from the OpenShift documentation can be found here.
Connecting To The Registry
The OpenShift Registry is secured via TLS so there are a few things you need to do before you can connect and push or pull images.
- Log In To OpenShift With OpenShift CLI
oc login https://openshift.dsc.umich.edu:8443 --token=<hidden>
- Request ca.crt
A ca.crt is required to connect to our OpenShift Registry. You can request the ca.crt by emailing email@example.com.
The ca is commonly found at /etc/origin/master/ca.crt on the OpenShift master server(s).
- For accessing the registry for the on-premise cluster, you will need to request and install a ca.crt. You can request the ca.crt by emailing firstname.lastname@example.org, or by creating a ServiceNow ticket assigned to the 'Container Service' group. You can install the ca using the following instructions
cp ca.crt /etc/pki/ca-trust/source/anchors
sudo update-ca-trust enable
Note: A restart may be needed after this
sudo security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain ca.crt
More options and details here.
Pushing And Pulling Images
- Log In To The Docker Registry
docker login -u <username>@umich.edu -p $(oc whoami -t) https://registry.openshift.dsc.umich.edu
- Pushing An Image
docker push registry.openshift.dsc.umich.edu/<your_project_name>/<image_name>
- Pulling An Image From The OpenShift Namespace
docker pull registry.openshift.dsc.umich.edu/openshift/<image_name>
- Pulling An Image From Your Project
docker pull registry.openshift.dsc.umich.edu/<your_project_name>/<image_name>