Using IBM Cloud Pak for Applications (Red Hat OpenShift 4.x) internal registry with Docker and Appsody

Fxnaranjo
2 min read · Feb 27, 2020

IBM Cloud Pak for Applications: develop innovative cloud-native applications using the tools and runtime of your choice. IBM Cloud Pak for Applications is an enterprise-ready, containerized software solution for modernizing existing applications and developing new cloud-native apps that run on Red Hat OpenShift.

When you try to use Docker to push images to the internal OpenShift container registry, the push fails with the message: Error response from daemon: Get https://default-route-openshift-image-registry.apps.xxx.demo.com/v2/: x509: certificate signed by unknown authority.

This procedure configures Docker to entirely disregard security for the registry. This is very insecure and is not recommended. It exposes the registry to trivial man-in-the-middle (MITM) attacks. Only use this solution for isolated testing or in a tightly controlled, air-gapped environment.

First, you must expose the internal registry publicly:

oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

Run the following commands to set the environment variables:

$ export IMAGE_REGISTRY_PUSH=default-route-openshift-image-registry.apps.xxx.demo.com

$ export IMAGE_REGISTRY_PULL=image-registry.openshift-image-registry.svc:5000

$ export IMAGE_REGISTRY_USERNAME=kubeadmin

$ export IMAGE_REGISTRY_PASSWORD=$(oc whoami -t)

$ docker login -u "$IMAGE_REGISTRY_USERNAME" -p "$IMAGE_REGISTRY_PASSWORD" "$IMAGE_REGISTRY_PUSH"

The previous command fails with a certificate validation error.

You must create an insecure registry configuration for Docker:

Edit the daemon.json file, whose default location is /etc/docker/daemon.json on Linux, and add the following configuration. The entry must be the same host you set in IMAGE_REGISTRY_PUSH:

{
  "insecure-registries" : [ "default-route-openshift-image-registry.apps.xxxxx.demo.com" ]
}

Then, restart the service and retry the login:

$ systemctl restart docker

$ docker login -u "$IMAGE_REGISTRY_USERNAME" -p "$IMAGE_REGISTRY_PASSWORD" "$IMAGE_REGISTRY_PUSH"

The docker command now succeeds and you are logged in to the internal registry.

Now you can run appsody deploy against the internal registry that is part of the Red Hat OpenShift cluster in IBM Cloud Pak for Applications.
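
The insecure-registries entry above switches off certificate verification for the registry route. As an added example (not part of the original post), the functions below install the registry's CA certificate in Docker's per-registry trust directory instead and check whether daemon.json still exempts the host. The function names and the out-of-band source of the CA file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): trust the registry's CA for one
# host instead of listing it under insecure-registries.
# Assumed: function names, and a CA PEM obtained out of band (e.g. from the
# cluster administrator), never copied from the unverified connection itself.

# install_registry_ca HOST CA_PEM [CERTS_ROOT]
# Docker reads CERTS_ROOT/HOST/ca.crt (default /etc/docker/certs.d) per registry.
install_registry_ca() {
    host=$1 ca_pem=$2 certs_root=${3:-/etc/docker/certs.d}

    # HOST becomes a directory name: allow only host[:port], no traversal.
    case $host in
        ''|.*|*..*|*[!A-Za-z0-9.:-]*)
            echo "invalid registry host: $host" >&2; return 2 ;;
    esac
    # Require a PEM certificate and refuse files that also carry a private key.
    if [ ! -r "$ca_pem" ] || ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_pem"; then
        echo "no PEM certificate in: $ca_pem" >&2; return 3
    fi
    if grep -q -e 'PRIVATE KEY-----' "$ca_pem"; then
        echo "refusing to install private key material: $ca_pem" >&2; return 4
    fi

    mkdir -p "$certs_root/$host" &&
        cp "$ca_pem" "$certs_root/$host/ca.crt" &&
        chmod 0644 "$certs_root/$host/ca.crt"
}

# still_insecure HOST [DAEMON_JSON]
# Succeeds (exit 0) while daemon.json still exempts HOST from TLS verification,
# which would keep Docker accepting any certificate for it.
still_insecure() {
    daemon_json=${2:-/etc/docker/daemon.json}
    [ -r "$daemon_json" ] || return 1
    # Flatten the file, isolate the insecure-registries array, match "HOST".
    tr -d '\n' < "$daemon_json" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
        grep -q -F "\"$1\""
}
```

Run install_registry_ca as root with the value of IMAGE_REGISTRY_PUSH as HOST, then remove the host from insecure-registries and restart Docker so that still_insecure no longer succeeds.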
