OpenShift - Credentials look-up for importing image

Question

I am able to a launch an application with the Redis image from RedHat - registry.redhat.io/rhel8/redis-5 using the following steps.

Create a service account at RedHat https://access.redhat.com/
Download the YAML (see below) for image pull secret once a token is created for that account.
Use the YAML file to create a secret.
Import the image.

apiVersion: v1
kind: Secret
metadata:
  name: accoutNum-userName-pull-secret
data:
  .dockerconfigjson: token-value....long........string
type: kubernetes.io/dockerconfigjson

Add secret and import image:

oc create -f secret.yaml
oc import-image rhel8/redis-5 --from=registry.redhat.io/rhel8/redis-5 --confirm

The image meta data is imported:

oc get is
NAME      DOCKER REPO                       TAGS     UPDATED
redis-5   172.30.1.1:5000/project/redis-5   latest   About a minute ago

I am not clear how the import statement locates the secret to be used.

score 0 · Accepted Answer · answered Oct 21 '19 at 11:31

0

OpenShift lookup automatically the authentication from type of kubernetes.io/dockerconfigjson in the same namespace(project) if the registry is required authentication when pulling/push images. So if you need to access multiple external registry, then just create matched secret with the credential per registry.

I hope it help you, thanks.

answered Oct 21 '19 at 11:31

Daein Park

4,393
2
12
21

Interestingly, the `oc new-app -i redis-5` doesn't seem to use credentials automatically. The `redis-5` is seen in the `oc get is` result. – cogitoergosum Oct 21 '19 at 13:42

OpenShift - Credentials look-up for importing image

1 Answers1

Linked