
On an Ubuntu desktop, I started the OC cluster using minishift. The Docker registry is available in the default namespace.

How do I set up authentication for the Docker registry running inside the OpenShift cluster? How do I allow users such as developer, system, or any other OpenShift user to push/pull images to/from the internal Docker registry?

I have enabled the route for the Docker service in OpenShift.

```
root@desktop:~# docker login -p 5d2XKusYJ9xB6sg1_uRfwPE8Ap3FQMg8_MrR9IEw3N8 -u aprasath docker-registry-default.127.0.0.1.nip.io
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@desktop:~# docker push docker-registry-default.127.0.0.1.nip.io/myproject/hello-world
The push refers to repository [docker-registry-default.127.0.0.1.nip.io/myproject/hello-world]
af0b15c8625b: Pushing [==================================================>]  3.584kB
unauthorized: authentication required
root@desktop:~# minishift addons list
- admin-user             : enabled  P(0)
- registry-route         : enabled  P(0)
```

The output of the imagestream creation, tag, and push to the registry is below.

```
root@desktop:~# oc create imagestream ghost
Error from server (AlreadyExists): imagestreams.image.openshift.io "ghost" already exists

root@desktop:~ docker tag ghost docker-registry-default.127.0.0.1.nip.io/myproject/ghost:latest

root@desktop:~ docker push docker-registry-default.127.0.0.1.nip.io/myproject/ghost:latest
The push refers to repository [docker-registry-default.127.0.0.1.nip.io/myproject/ghost]
6545fabd1db4: Pushing [==================================================>]  4.096kB
e1b5357c9029: Pushing [==================================================>]  205.2MB/205.2MB
2f546e8c419e: Pushing [==================================================>]  25.33MB/25.33MB
2f5caec27732: Pushing [==================================================>]  1.287MB/1.287MB
da4dc4c42b60: Pushing [==================================================>]  3.584kB
24ad92b56299: Waiting
4eab4d25c303: Waiting
e2dd6cf79115: Waiting
67ecfc9591c8: Waiting
unauthorized: authentication required
```
intechops6
  • See how what you are doing compares to what is described in https://cookbook.openshift.org/image-registry-and-image-streams/how-do-i-push-an-image-to-the-internal-image-registry.html – Graham Dumpleton Oct 22 '19 at 01:52
  • The difference is the imagestream creation, but the commands still fail: `oc create imagestream ghost`, `docker tag ghost docker-registry-default.127.0.0.1.nip.io:443/myproject/ghost:latest`, `docker push docker-registry-default.127.0.0.1.nip.io/myproject/ghost:latest` – intechops6 Oct 22 '19 at 02:27
  • Edit your question and add the commands you ran and errors from following that cookbook recipe. Your comment doesn't help to understand things any better. – Graham Dumpleton Oct 22 '19 at 07:50
  • @Graham Dumpleton - The image stream is created, and I executed the tag and push to the registry. The error is that the push command throws the error "authentication required". – intechops6 Oct 22 '19 at 17:01
  • You aren't showing where that token is coming from. As per instructions in cookbook, is that using `oc whoami --show-token` to get it, and does it correspond to an actual user. Or are you using a token for a service account. If a service account, it may not have appropriate role to work with the registry. – Graham Dumpleton Oct 22 '19 at 19:50
  • @Graham Dumpleton - I logged in using `oc login` with the token that I copied from the console login > "copy login command" option. I have copied the command output to the gist gist.github.com/get2arun/54cbcb1daa471662b7ae46fe29f096dc. I could not see the Docker registry running inside the minishift VM. Does the registry need to be running inside the VM? – intechops6 Oct 24 '19 at 13:08
  • `oc cluster up` and `minishift` are two different things. Why are you using both? You aren't likely talking to what you think you are. Use only `minishift`. – Graham Dumpleton Oct 24 '19 at 22:31
  • @Graham Dumpleton - Starting minishift failed, and minishift status was showing OC as stopped, so I had to start oc. Will starting minishift not start the oc cluster? Here are the minishift status logs https://gist.github.com/get2arun/9bdc8c54cdcfc4d7524ab81a4fb2bc2e – intechops6 Oct 25 '19 at 15:11
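
The `docker login` warnings in the question's output say the token is stored unencrypted in `/root/.docker/config.json`. As an added example (not part of the original question or its comments), this Python check reports which registries in a Docker client config hold an inline base64 credential instead of delegating to a credential helper. The sample config, registry names and user name are constructed.

```python
import base64
import json

# Constructed sample of a Docker client config.json (not taken from the page).
# "auth" is base64("user:secret"): an encoding, not encryption.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "registry.example.test": {
            "auth": base64.b64encode(b"demo-user:constructed-token").decode()
        },
        "helper.example.test": {},  # empty entry: secret is held by a helper
        "broken.example.test": {"auth": "%%%not-base64%%%"},
    },
    "credHelpers": {"helper.example.test": "secretservice"},
})


def audit_docker_config(text):
    """Return (registry, status, user) per registry; the secret is never returned."""
    cfg = json.loads(text)
    store = cfg.get("credsStore")          # global credential store, if any
    helpers = cfg.get("credHelpers", {})   # per-registry credential helpers
    findings = []
    for registry, entry in sorted(cfg.get("auths", {}).items()):
        blob = entry.get("auth")
        if not blob:
            # No inline secret: a helper or store holds it, or nothing does.
            backend = helpers.get(registry) or store
            status = f"helper:{backend}" if backend else "no-credentials"
            findings.append((registry, status, None))
            continue
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            user, sep, _secret = decoded.partition(":")
            if not sep:
                raise ValueError("missing user:secret separator")
        except ValueError:  # also covers binascii.Error and UnicodeDecodeError
            findings.append((registry, "unparseable", None))
            continue
        findings.append((registry, "plaintext", user))
    return findings


if __name__ == "__main__":
    for registry, status, user in audit_docker_config(SAMPLE_CONFIG):
        print(f"{registry:28} {status:22} {user or '-'}")
```

To audit a real client, pass the contents of its `config.json` to `audit_docker_config`; any `plaintext` row is a registry whose token can be recovered by anyone who can read that file.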

0 Answers