Pulling Images from External Container Registry to OpenShift Cluster via ImageStream
OpenShift Container Platform can create containers using images from third-party registries. OpenShift Container Platform will fetch tags from the remote registry upon image stream creation, We can perform this action by fetching the tags with oc import-image <stream>
.
Steps to Create Image Stream
1. For the import-image
command to work, we created a pull secret for the Azure Container registry image stream.
$ oc create secret docker-registry <pull_secret_name> \
--docker-server=<registry_server> \
--docker-username=<user_name> \
--docker-password=<password> \
--docker-email=<email>
2. To use a secret for pulling images for pods, you must add the secret to your service account. The name of the service account in this example should match the name of the service account the pod uses; default is the default service account:
xxxxxxxxxx
# oc secrets link default <secret-name> --for=pull
# oc secrets link deployer <secret-name> --for=pull
xxxxxxxxxx
Note: Since we are pulling image from external container registry so we do not need builder service account for building the image.
3. Once we have the pull secret in place and is linked to pull images, we can use the image stream to fetch the image tag for the local OCP cluster image registry:
x
# oc import-image <image-name-that-you-want-locally>:<tag> --from=<registry name>/<image-name-mentioned-in-container-registry>:<tag> --confirm --scheduled=true
4. Once the image stream is created, we need to create an application from it.
xxxxxxxxxx
# oc new-app <imagestream name> --name <application name>
5. We then need to expose service, that is, create a route.
xxxxxxxxxx
# oc expose service <service name>