Azure Red Hat OpenShift — Internal Registry

How to get into it?

Nov 19, 2019 · 3 min read

I guess, you already started digging into Azure Red Hat OpenShift and hit already some of its drawbacks and restrictions.

As ARO is a managed service, you, as a customer, are not assigned the full privileges of the “OpenShift-ClusterAdmin” role. Some of the access restrictions can prevent you from determining the Container Registry exposed Route.

Quick Overview

The container registry is a private container image registry that runs inside OpenShift and is useful to store and control access to your built-in images.

You can access the container registry through a secure HTTPS endpoint, which allows operations such as push, pull and manage images. This endpoint is the Route to the Internal Container Registry.

From where can I get this Route?

As you have restricted access to the cluster, you will NOT be able to get the Route for your Registry using OC CLI “oc get routes -n default”.

To make your life easier, use the default format mentioned below to gain access to the ARO Internal Registry and then managing your images.

Internal Registry Name format

The Registry in OpenShift is named using a specific format, as mentioned below:



<ARO_ID> is the ID of your Azure Red Hat OpenShift cluster,

<LOCATION> is where you deployed your Azure Red Hat OpenShift cluster.

Access the Internal Registry

Before you can push or pull images, you must log in to the cluster and then to the internal registry. Different access methods can be used, which can be done using CLI or Graphical User Interface.

Let’s check both of them together !!

Login to the GUI/Console of the Internal Registry

Using Single-SignOn, you can easily and securely access the “Internal Registry Console”.

Follow the HTTPS endpoint format mentioned here to gain access to the Console:


After logging in, you should be able to see the Azure Red Hat Registry Console.

Azure Red Hat OpenShift — Internal Registry Console (GUI)

Login to the Internal Registry (CLI)

For Healthy geek users ;) use the CLI to log in to the OpenShift Internal registry.

Let’s login in first to the ARO cluster:

oc login https://openshift.<ARO_ID>.<LOCATION> \

Once done, use the token to gain access to the ARO Internal Registry:

docker login docker-registry.apps.<ARO_ID>.<LOCATION> \
-u $(of whoami) -p $(oc whoami -t)

Manage your Internal Registry

No rocket science here, you can manage, push and pull Container Images into the Registry, using docker CLI. (Ensure to download the needed docker packages first).

Push Container Images to the registry

1.Tag the Image

docker tag <SOURCE_IMAGE_NAME>:<TAG> docker-registry.apps.<ARO_ID>.<LOCATION><DEST_IMAGE_NAME>:<TAG>

2. Push the tagged image

docker push docker-registry.apps.<ARO_ID>.<LOCATION><DEST_IMAGE_NAME>:<TAG>

Ensure to update the fields; IMAGE_NAME, TAG and NAMESPACE to reflect your needs.

Do it differently

As you do not need the heavy Docker daemons anymore ;) I recommend you to do the same step with Skopeo. And you’ll notice how easy it is.


Written by

Is a DevOs & Cloud Consultant / Architect with 10 plus years of experience. He likes to immerse himself in the latest technologies, learn & getting certified

More From Medium

Top on Medium

Ed Yong
Mar 25 · 22 min read


Top on Medium

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade