OpenShift built-in Image registry - unix1998/technical_notes GitHub Wiki

OpenShift includes a built-in image registry. The OpenShift integrated image registry, also known as the OpenShift Container Registry (OCR), provides a robust and scalable solution for storing and managing container images within the OpenShift cluster.

Key Features of OpenShift's Built-in Image Registry

  1. Integrated with OpenShift:

    • The image registry is tightly integrated with the OpenShift platform, allowing seamless interaction with other OpenShift components such as builds, deployments, and image streams.
  2. Automatic Deployment:

    • The OpenShift installer typically deploys the image registry automatically during the installation process, although it can be configured and managed post-installation.
  3. Image Streams:

    • OpenShift introduces the concept of image streams, which allow you to manage container images and tag them. Image streams provide a way to track the changes and updates of container images and facilitate the automation of deployments when new images are available.
  4. Scalability:

    • The integrated registry can be scaled to handle large numbers of images and high traffic loads, ensuring reliable performance for enterprise applications.
  5. Security:

    • The registry includes features for managing security, such as integration with OpenShift's role-based access control (RBAC), OAuth authentication, and support for image signing and verification.
  6. Storage Backend Options:

    • The image registry can use various storage backends, including local storage, network storage (NFS), and cloud storage solutions (AWS S3, Google Cloud Storage, Azure Blob Storage), providing flexibility in how images are stored.
  7. High Availability:

    • The registry can be configured for high availability, ensuring that the image storage service remains available even if some nodes in the cluster fail.
  8. Web Console Integration:

    • The OpenShift web console provides interfaces for managing image streams, builds, and deployments, making it easy to use the integrated registry.

Example of Using the OpenShift Image Registry

  1. Push an Image to the Registry:

    • First, log in to the OpenShift cluster with the OpenShift CLI, then print your session token:
      oc login <your-openshift-cluster-url>
      oc whoami -t
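    • Use that token as the password to log in to the registry with Docker (the -p flag leaves the token in shell history and the process list; docker login also accepts it on standard input via --password-stdin):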
      docker login -u <username> -p <token> <registry-url>
  2. Tag and Push an Image:

    • Tag a local Docker image with the OpenShift registry URL:
      docker tag my-image <registry-url>/<project-name>/my-image:latest
    • Push the tagged image to the OpenShift registry:
      docker push <registry-url>/<project-name>/my-image:latest
  3. Create an Image Stream in OpenShift:

    • Define an image stream to manage the image:
      apiVersion: image.openshift.io/v1
      kind: ImageStream
      metadata:
        name: my-image
        namespace: <project-name>
    • Apply the image stream:
      oc apply -f image-stream.yaml
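
The three steps above as one script, added here as an example and not part of the original wiki page: it passes the token to docker login on standard input instead of -p, and rejects project or image names that could change the repository being pushed to. The function names, the registry.example.test host in the usage line, the conservative name pattern, and the use of `oc whoami` as the user name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Usage (constructed values):
#   ./push-image.sh registry.example.test my-project my-image
set -eu
export LC_ALL=C   # make the a-z range below byte-exact

# Conservative name check (assumption): lowercase letters, digits and '-'
# only, so a stray '/' or ':' cannot change the repository or tag pushed to.
valid_name() {
  case "$1" in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
}

# Build <registry-url>/<project-name>/<image>:latest as in step 2.
image_ref() {
  valid_name "$2" && valid_name "$3" || return 1
  printf '%s/%s/%s:latest\n' "$1" "$2" "$3"
}

# Emit the ImageStream manifest from step 3 for <project-name> and <image>.
imagestream_yaml() {
  valid_name "$1" && valid_name "$2" || return 1
  cat <<EOF
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: $2
  namespace: $1
EOF
}

push_image() {
  ref=$(image_ref "$1" "$2" "$3")
  # Token goes over stdin, so it never appears in history or the process list.
  # Assumption: the registry accepts the `oc whoami` name as <username>.
  oc whoami -t | docker login -u "$(oc whoami)" --password-stdin "$1"
  docker tag "$3" "$ref"
  docker push "$ref"
  imagestream_yaml "$2" "$3" | oc apply -f -
  docker logout "$1"   # remove the stored credential after the push
}

# Run the procedure only when called as: REGISTRY PROJECT IMAGE
if [ "$#" -eq 3 ]; then push_image "$@"; fi
```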

Accessing the Image Registry

To access and manage the built-in image registry, you typically use the OpenShift CLI (oc) or the OpenShift web console. You can also interact with the registry using standard container tools like docker or podman.

Summary

The OpenShift built-in image registry is a powerful feature that enhances the platform's capabilities by providing integrated image storage and management. It supports a wide range of storage backends, integrates seamlessly with OpenShift's security and automation features, and can be easily managed through both CLI and web interfaces.
