Setting up Container Registry as a private registry on Red Hat OpenShift
You can add value to your Red Hat® OpenShift® Container Platform clusters by using IBM Cloud® Container Registry even where an internal registry is already provided.
For example, if you have multiple clusters, Container Registry integrates conveniently with Red Hat OpenShift Container Platform clusters so that you can build, share, synchronize, and scan image assets across clusters. For more information, see Choosing an image registry solution.
You can set up Container Registry to work with the internal registry of Red Hat OpenShift on IBM Cloud or other Red Hat OpenShift Container Platform providers.
Set up Red Hat OpenShift on IBM Cloud to use Container Registry
By default, your Red Hat OpenShift on IBM Cloud clusters are set up with an internal registry that stores images locally in your cluster. The clusters are also set up with image pull secrets in the default
project to pull images
that you store in your private Container Registry repositories.
You can use either registry separately or in combination. When you set up the Red Hat OpenShift on IBM Cloud internal registry to import images from Container Registry, you get the advantage of a private registry that is common to multiple clusters. Another benefit is that copies of the pulled images from Container Registry are stored locally on the cluster, therefore reducing latency and external traffic, but you are subject to storage limitations.
To set up your Red Hat OpenShift on IBM Cloud clusters to use the internal registry in combination with Container Registry, see the following topics in the Red Hat OpenShift on IBM Cloud documentation:
Set up Red Hat OpenShift Container Platform to use Container Registry
To set up Red Hat OpenShift Container Platform, you must create secrets that have the credentials to access Container Registry so that you can perform the following actions.
- Pull Create image pull secrets to pull images from Container Registry to your Red Hat OpenShift cluster. For example, you might deploy an app that uses an image in a private registry.
- Push Create image push secrets to push images from your Red Hat OpenShift cluster to a repository in Container Registry. For example, you might set up a continuous delivery pipeline that builds an image to a private registry instead of the internal registry.
- Both Create a secret that can pull images from and push images to Container Registry. For example, you might set up a continuous delivery pipeline that builds an image to a private registry so that your team can pull the most recent image across multiple clusters.
Set up the Red Hat OpenShift Container Platform internal registry to pull from Container Registry
To configure Red Hat OpenShift Container Platform to pull from Container Registry, you must complete the following steps:
-
Set up image pull secrets to IBM Cloud Container Registry for each project that you want to pull images in.
-
Configure Red Hat OpenShift Container Platform to use the image pull secrets by adding the secrets to a service account in each project or by referring to the secret in your podA group of containers that are running on a Kubernetes cluster. A pod is a runnable unit of work, which can be a either a stand-alone application or a microservice. deployment. You are only required to add the secret to the projects that you want to pull to.
Set up the Red Hat OpenShift Container Platform build to push images to Container Registry
If you want to push application images from Red Hat OpenShift Container Platform to Container Registry, you must edit the Red Hat OpenShift Container Platform build configuration to point at Container Registry, where myregistry.mycompany.io
is <region_domain_name>.icr.io
. For more information about Container Registry regions and domain names, see Regions.
For instructions, see Setting up builds in the internal registry to push images to IBM Cloud Container Registry.