Skip to content

Add mirror registry

Jump to bottom
Praveen Kumar edited this page Sep 10, 2020 · 1 revision

How to create mirror registry

Resource required for configuring the mirror registry

Step-1 Create imageContentSourePolicy

$ cat registryrepomirror.yaml 
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: ubi8repo
spec:
  repositoryDigestMirrors:
  - mirrors:
    - <my-repo-host>:<port>/ubi8-minimal
    source: registry.redhat.io/ubi8-minimal

$ oc apply -f registryrepomirror.yaml

Step-2 Add registry to openshift image config

Step-3 SSH to the VM and perform following

Here we are using the mirror registry which is self signed and behind the auth.

$ crc ip
192.168.64.92

$ ssh -i ~/.crc/machines/crc/id_rsa -o StrictHostKeyChecking=no core@192.168.64.92

<CRC-VM> $  cat /etc/containers/registries.conf 
unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]

[[registry]]
  prefix = ""
  location = "registry.redhat.io/ubi8-minimal"
  mirror-by-digest-only = true

  [[registry.mirror]]
    location = "<your-mirror-registry>:<port>/ubi8-minimal"

Step-4 If you need to have global pull secret then update the /var/lib/kubelet/config.json file inside the VM along with pull-secret on openshift-config namespace.

$ oc get secret pull-secret -n openshift-config --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode > pull-secret.json
$ oc registry login -a pull-secret.json --registry <your-mirror-registry>:<port> --auth-basic='<username>:<password>'
$ oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=pull-secret.json
<CRC-VM> $ cat /var/lib/kubelet/config.json
This should have same content as `pull-secret.json` file

Step-5 Restart the kubelet and crio service in the VM.

<CRC-VM> $ systemctl restart crio
<CRC-VM> $ systemctl restart kubelet

crc - Github

Clone this wiki locally