Openshift: External registry

I this post I will demonstrate howyou can use an external registry in Openshift.

Parts of the Openshift series

• Part1: Install Opeshift
• Part2: How to Enable Auto Approval of CSR in Openshift v3.11
• Part3: Add new workers to Openshift cluster
• Part4: Chane the certificates of the Openshift cluster
• Part5: LDAP authentication for Openshift
• Part6: Keycloak SSO authentication for Openshift
• Part7: Gitlab SSO authentication for Openshift
• Part8a: Ceph persistent storage for Openshift
• Part8b: vSphere persistent storage for Openshift
• Part9: Helm on Openshift
• Part10: Tillerless Helm on Openshift
• Part11: Use external docker registry on Openshift
• Part12: Secondary router on Openshift
• Part13a: Use Letsencrypt on Openshift
• Part13b: Install cert-managger on Openshift
• Part14: Create Openshift operators
• Part15: Convert docker-compose file to Opeshift
• Part16a: Opeshift elasticsearch search-guard error
• Part16b: Openshift: Log4Shell - Remote Code Execution (CVE-2021-44228) (CVE-2021-4104)

Configuring Openshift

From your client machine, create a Kubernetes secret object for Harbor.:

oc new-proyect registrytest

oc create secret docker-registry harbor \
--docker-server=https://harbor.devopstales.intra \
--docker-username=admin \
--docker-email=admin@devopstales.intra \
--docker-password='[your_admin_harbor_password]'

If you want you can add this secret to the deafult template of the project creation.

Deploy the private image on the Openshift cluster

nano registrytest-deployment.yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      run: nginx
  template:
    metadata:
      labels:
        run: nginx
    spec:
      containers:
      - image: harbor.devopstales.intra/test/nginx:V2
        name: nginx
      imagePullSecrets:
      - name: harbor

oc apply -f kuard-deployment.yaml
oc get pods