Search code examples
redisopenshiftdocker-registryredhat-containers

OpenShift - Credentials look-up for importing image


I am able to a launch an application with the Redis image from RedHat - registry.redhat.io/rhel8/redis-5 using the following steps.

  1. Create a service account at RedHat https://access.redhat.com/
  2. Download the YAML (see below) for image pull secret once a token is created for that account.
  3. Use the YAML file to create a secret.
  4. Import the image.
apiVersion: v1
kind: Secret
metadata:
  name: accoutNum-userName-pull-secret
data:
  .dockerconfigjson: token-value....long........string
type: kubernetes.io/dockerconfigjson

Add secret and import image:

oc create -f secret.yaml
oc import-image rhel8/redis-5 --from=registry.redhat.io/rhel8/redis-5 --confirm

The image meta data is imported:

oc get is
NAME      DOCKER REPO                       TAGS     UPDATED
redis-5   172.30.1.1:5000/project/redis-5   latest   About a minute ago

I am not clear how the import statement locates the secret to be used.


Solution

  • OpenShift lookup automatically the authentication from type of kubernetes.io/dockerconfigjson in the same namespace(project) if the registry is required authentication when pulling/push images. So if you need to access multiple external registry, then just create matched secret with the credential per registry.

    I hope it help you, thanks.