TechQA.

How to `docker login` to OpenShift Docker registry

8.9k views Asked by At

I am using Redhat OpenShift 4.4.17 deployed in Azure.

I logged in to OpenShift as administrator.

I have a Docker image locally, now I need to push my docker image to OpenShift Docker registry.

I am using below command

docker login -u <user_name> -p `oc whoami -t` image-registry.openshift-image-registry.svc:5000

I am getting error as:

Error response from daemon: Get https://image-registry.openshift-image-registry.svc:5000/v2/: dial tcp: lookup image-registry.openshift-image-registry.svc: no such host"

What can I try to resolve this?

please see this one:

$ oc get route -n openshift-image-registry

 NAME                HOST/PORT

default-route default-route-openshift-image-registry.

PATH SERVICES PORT TERMINATION WILDCARD

       image-registry   <all>     reencrypt     None
azure docker openshift docker-registry openshift-client-tools
Original Q&A
1

There are 1 answers

8
Daein Park On BEST ANSWER

image-registry.openshift-image-registry.svc:5000 can not be resolved at the external of the Openshift cluster, because it's internal registry service name. So you should access to the internal registry service through the Route hostname of the registry in order to do docker login. Refer Exposing a secure registry manually, if the internal registry was not exposed.

// expose the internal registry to external using Route.
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

// Verify the internal registry Route hostname.
$ oc get route -n openshift-image-registry
NAME            HOST/PORT                                                            PATH   SERVICES         PORT    TERMINATION   WILDCARD
default-route   default-route-openshift-image-registry.apps.clustername.basedomain            image-registry   <all>   reencrypt     None

// Try to login using the internal registry Route hostname.
$ docker login -u <user_name> -p $(oc whoami -t) default-route-openshift-image-registry.apps.clustername.basedomain

Here is my test evidence using podman as follows. First of all, you should place and update the trusted CA of your Router wildcard certificates on your client host which is executed the docker or podman client.

# podman login  -u admin -p $(oc whoami -t) default-route-openshift-image-registry.apps.<clustername>.<basedomain>
Login Succeeded!

Additionally, if you face "x509: certificate signed by unknown authority" error message, then you should place the Router trusted CA on your host or should use "--tls-verify=false" in podman case or the same option for docker case instead of that.

# podman login  -u admin -p $(oc whoami -t) default-route-openshift-image-registry.apps.<clustername>.<basedomain>
Error: error authenticating creds for "default-route-openshift-image-registry.apps.<clustername>.<basedomain>": pinging docker registry returned: Get https://default-route-openshift-image-registry.apps.<clustername>.<basedomain>/v2/: x509: certificate signed by unknown authority

# podman login --tls-verify=false  -u admin -p $(oc whoami -t) default-route-openshift-image-registry.apps.<clustername>.<basedomain>
Login Succeeded!

Related Questions in AZURE

Related Questions in DOCKER

Related Questions in OPENSHIFT

Related Questions in DOCKER-REGISTRY

Related Questions in OPENSHIFT-CLIENT-TOOLS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions