Great video. But I have some problems with re-encryption of my certs. We have our RootCA in our company. I got Rejected status: spec.tls.certificate: Invalid value: "redacted certificate data": error verifying certificate: x509: certificate signed by unknown authority
@@OCPdude Firefox. I also tried in Chrome. When I create a route I get the error: spec.tls.certificate: Invalid value: "redacted certificate data": error verifying certificate: x509: certificate signed by unknown authority
@@davorinkocbek4779 Sorry, are you getting this error on the using your docker/podman login? If you created a custom route for your internal registry, you should attach your CA to the cert as well. For example, my yaml looks like this... - sorry for some reason, RUclips prevents me from pasting basic text formatted in .yaml. I have "tls: termination: reencrypt, certificate:, key:, caCertificate:.... "
@ocpdude how do I log-in to the registry internal registry with the user name and the password. Pretty new at this. I have the image tagged the project ready and the role binding.
The user accounts accessible are those OpenShift have access too... whether they're local, ldap, etc. My accounts are linked via ldap integration. 6:52
The internal registry doesn't provide the full repository view you're likely thinking of. For this view, I would recommend other "external" registries like those provided by cloud services, Nexus, DTR, and others.
@@OCPdude Is it possible so see in logs what images are pushed and pulled through logs or by any other mean in OCR. Currently using " oc logs deployments/image-registry -n openshift-image-registry " to see the registry logs. But they are not providing any image related details.
@@magesh4806 If you monitor the image-registry-$podID (oc -n openshift-image-registry logs image-registry-59f995b7b4-ph9rf) you'll see the images being pulled into and from the registry.
When you expose the internal registry you can use that route and self-signed certificate - for my lab, I generated a cert from my internal CA. More details can be found on my GitHub link here: github.com/ocpdude/ocp-internal-registry
@@OCPdude This environment was provisioned temporarily in my organization , so I am not sure where to get those very details... Suppose I don't want to create a smaller route name then the image which I create with the original internal registry name should also be accessible right ?
@@gayu12345 It will still work with the exposed default route. It essentially works off of your wildcard *.apps.cluster.domain.com see the docs here: docs.openshift.com/container-platform/4.9/registry/securing-exposing-registry.html#registry-exposing-secure-registry-manually_securing-exposing-registry
Actually I am using Tekton Task and Pipeline to push my Maven image into the internal registry but I am getting unauthorised : authentication required error when trying to pull image from the default registry. If any email ID of urs is available, I can email u my problem with screenshots so that u can help me out if possible.
![[ Kube 69 ] Using Private Docker Registry in Kubernetes](http://i.ytimg.com/vi/r15S2tBevoE/mqdefault.jpg)
Thank you so much. This was so helpful in getting my image into openshift. really appreciate you taking the time to make these videos.
Really Good video ! I am getting real hands on information from your videos .. keep it up 👍
Very helpful! Do you have an example how to deploy a simple application with oc CLI using that custom image in the internal registry?
I launch the app at about 8:25
@@OCPdude Sure, I meant using CLI and a yml file.
@@JoseLausuch It'd be the same as normal, but you'd refer to the image based in the internal registry (registry.redcloud.land/$namespace/$image:$tag)
@@OCPdude thanks!
Great video. But I have some problems with re-encryption of my certs. We have our RootCA in our company. I got Rejected status: spec.tls.certificate: Invalid value: "redacted certificate data": error verifying certificate: x509: certificate signed by unknown authority
Is this with Chrome? Try another browser.
@@OCPdude Firefox. I also tried in Chrome. When I create a route I get the error: spec.tls.certificate: Invalid value: "redacted certificate data": error verifying certificate: x509: certificate signed by unknown authority
@@davorinkocbek4779 Sorry, are you getting this error on the using your docker/podman login? If you created a custom route for your internal registry, you should attach your CA to the cert as well. For example, my yaml looks like this... - sorry for some reason, RUclips prevents me from pasting basic text formatted in .yaml. I have "tls: termination: reencrypt, certificate:, key:, caCertificate:.... "
@ocpdude how do I log-in to the registry internal registry with the user name and the password. Pretty new at this. I have the image tagged the project ready and the role binding.
Generate a token for your account and use it as your password. Then, oc login -u username “registry”; when prompted enter the token. See @7:28
how to generate docker loging password. can you give steps?
The user accounts accessible are those OpenShift have access too... whether they're local, ldap, etc. My accounts are linked via ldap integration. 6:52
Does OCR provides any UI dashboard kind of thing to see the uploaded images ?
The internal registry doesn't provide the full repository view you're likely thinking of. For this view, I would recommend other "external" registries like those provided by cloud services, Nexus, DTR, and others.
@@OCPdude Is it possible so see in logs what images are pushed and pulled through logs or by any other mean in OCR. Currently using " oc logs deployments/image-registry -n openshift-image-registry " to see the registry logs. But they are not providing any image related details.
@@magesh4806 If you monitor the image-registry-$podID (oc -n openshift-image-registry logs image-registry-59f995b7b4-ph9rf) you'll see the images being pulled into and from the registry.
@@OCPdude Are you sure about that? Isnt this the same as Image Streams tab under Builds?
@@jaakkouusitalo1094 Sorry, I'm not sure what question you are asking. Is this about viewing logs?
From where u got the certs for the Registry??? I don't see certs for my existing internal registry.
When you expose the internal registry you can use that route and self-signed certificate - for my lab, I generated a cert from my internal CA. More details can be found on my GitHub link here: github.com/ocpdude/ocp-internal-registry
@@OCPdude This environment was provisioned temporarily in my organization , so I am not sure where to get those very details... Suppose I don't want to create a smaller route name then the image which I create with the original internal registry name should also be accessible right ?
@@gayu12345 It will still work with the exposed default route. It essentially works off of your wildcard *.apps.cluster.domain.com see the docs here: docs.openshift.com/container-platform/4.9/registry/securing-exposing-registry.html#registry-exposing-secure-registry-manually_securing-exposing-registry
Actually I am using Tekton Task and Pipeline to push my Maven image into the internal registry but I am getting unauthorised : authentication required error when trying to pull image from the default registry. If any email ID of urs is available, I can email u my problem with screenshots so that u can help me out if possible.
@@gayu12345 you need to make sure your user has the right privileges - please watch from here: ruclips.net/video/Sffe76L3fdo/видео.html
Where are your minecraft images stored? I think you have not created a pv or pvc...
Please check my GitHub, I have a Minecraft repo that better explains it. *I use themes extracted on nfs, then mount those.