Setting up Docker Registry for OCP

Install Docker on Pop OS or Ubuntu

sudo apt-get install docker-ce docker-ce-cli containerd.io

docker run hello-world

Create certificate

openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt

Add certificate to Docker configuration

sudo mkdir /etc/docker/certs.d/myInternalNetwork.net:5000 -p

sudo cp domain.crt /etc/docker/certs.d/myInternalNetwork.net:5000/.

Add certificate to Pop OS or Ubuntu

sudo cp certs/domain.crt /usr/local/share/ca-certificates/myInternalNetwork.net.crt

sudo update-ca-certificates

sudo systemctl restart docker

Start Docker Registry

docker run -d \

--restart=always \

--name registry \

-v "$(pwd)"/certs:/certs \

-v /mnt/DockerRegistry:/var/lib/registry \

-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \

-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \

-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \

-p 443:443 \

registry:2

Docker daemon

Add the following to the /etc/docker/daemon.json file to use the self-signed certificate:

{

"insecure-registries" : ["myMachine.myInternalNetwork.net:443"]

}

VSCode

In order to connect to your new Docker Registry with the self-signed certificate in VSCode, please add "docker.importCertificates: true" to the workspace settings file to import certificates from the OS, as shown below:

"settings": {"docker.importCertificates": true}

}

Pull OCP images

Populate variables for image pull:

OCP_RELEASE=4.3.38

LOCAL_REGISTRY='myMachine.myInternalNetwork.net'

LOCAL_REPOSITORY='ocp4/openshift4'

PRODUCT_REPO='openshift-release-dev'

LOCAL_SECRET_JSON=/temp/ocp/pull-secret.txt

RELEASE_NAME="ocp-release"

ARCHITECTURE=x86_64

REMOVABLE_MEDIA_PATH=/mnt/RHRegistry

Dry run to pull images from quay.io

./oc adm -a ${LOCAL_SECRET_JSON} release mirror \

--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \

--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \

--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE} --dry-run

Pull the OCP images from quay.io

./oc adm release mirror -a ${LOCAL_SECRET_JSON} \

--to-dir=${REMOVABLE_MEDIA_PATH}/mirror quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE}

Push the OCP images to local Docker Registry

./oc image mirror -a ${LOCAL_SECRET_JSON} \

--from-dir=${REMOVABLE_MEDIA_PATH}/mirror "file://openshift/release:${OCP_RELEASE}*" ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}-${ARCHITECTURE}

Pull and push in one step

./oc adm -a ${LOCAL_SECRET_JSON} release mirror \

--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \

--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \

--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}

info: Mirroring 110 images to popadesk.sangiorgiosystems.net/ocp4/openshift4 ...

popadesk.sangiorgiosystems.net/

ocp4/openshift4

blobs:

quay.io/openshift-release-dev/ocp-v4.0-art-dev sha256:af3823e5c6a5fcf115a2f7a6c238ddd212ad0eaf5599a842d4b42c9092d338e8 629B

quay.io/openshift-release-dev/ocp-v4.0-art-dev sha256:47db82df7f3f4393c1f19c362a2db2c47ca049b6fb20bef041dfc9bdb12a4504 1.678KiB

....

sha256:ddfda321dbb1d950bd6b9ce489a7955c2944759cfd4fa9a800de90d1dc7b055c myMachine.myInternalNetwork.net/ocp4/openshift4:4.5.14-cluster-update-keys

sha256:dd32a754daa10d7ca13abda368b73b729f69331f73cbd8797d5d9462aa4ce0cc myMachine.myInternalNetwork.net/ocp4/openshift4:4.5.14-cli

info: Mirroring completed in 2m38.55s (38.16MB/s)

Success

Update image: myMachine.myInternalNetwork.net/ocp4/openshift4:4.5.14-x86_64

Mirror prefix: myMachine.myInternalNetwork.net/ocp4/openshift4

To use the new mirrored repository to install, add the following section to the install-config.yaml:

imageContentSources:

- mirrors:

- myMachine.myInternalNetwork.net/ocp4/openshift4

source: quay.io/openshift-release-dev/ocp-release

- mirrors:

- myMachine.myInternalNetwork.net/ocp4/openshift4

source: quay.io/openshift-release-dev/ocp-v4.0-art-dev

To use the new mirrored repository for upgrades, use the following to create an ImageContentSourcePolicy:

apiVersion: operator.openshift.io/v1alpha1

kind: ImageContentSourcePolicy

metadata:

name: example

spec:

repositoryDigestMirrors:

- mirrors:

- myMachine.myInternalNetwork.net/ocp4/openshift4

source: quay.io/openshift-release-dev/ocp-release

- mirrors:

- myMachine.myInternalNetwork.net/ocp4/openshift4

source: quay.io/openshift-release-dev/ocp-v4.0-art-dev

Page updated

Report abuse