Closed StevenBarre closed 3 years ago
The image registry in OCP4 is available internally via image-registry.openshift-image-registry.svc:5000 and externally via image-registry.apps.silver.devops.gov.bc.ca:443.
It appears that internal access works with local service accounts including the default image-puller and builder SAs out of the box. You should use this by default.
External access should be used with a newly created service account when accessing the cluster from some other system.
OCP3 names were:
Internal name: docker-registry.default.svc:5000
External name: docker-registry.pathfinder.gov.bc.ca
Documenting here so that searches on the old names will return this issue.
Need to know
The URL/name for the cluster registry has changed in OpenShift 4. When migrating existing manifests or pipeline steps that reference the internal cluster registry, you will want to double-check your registry URL.
Internal name (accessing from a deployment manifest):
image-registry.openshift-image-registry.svc:5000
External name (accessing from an external service or workstation):
https://image-registry.apps.silver.devops.gov.bc.ca
Common errors
Mistakenly using an external name in your deployment manifest
The in-cluster service accounts have default access tokens configured for the internal registry, but this does not include automatically logging into the external name. Errors like the following indicate that you will want to change your registry reference in your deployment manifest to the internal name instead of the external route.
Hard-coded registry name not changed during migration
Some deployment manifests and templates may still reference the OpenShift 3 registry DNS. Check your manifest file for things like docker-registry.default.svc:5000 or even an IP address like 172.50.0.2:5000. If you see these in your manifests, you'll want to replace them with the internal name.
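One way to check a manifest for both errors described above, as an added example that is not part of the original issue. It assumes the file is an in-cluster deployment manifest, so every flagged reference is rewritten to the internal name; the function names, the sample manifest and the "any IP on port 5000" heuristic are constructed for illustration.

```python
import re

INTERNAL = "image-registry.openshift-image-registry.svc:5000"
EXTERNAL = "image-registry.apps.silver.devops.gov.bc.ca"

# Registry references that should not appear in an in-cluster manifest.
PATTERNS = [
    ("ocp3-internal", re.compile(r"docker-registry\.default\.svc(?::5000)?")),
    ("ocp3-external", re.compile(r"docker-registry\.pathfinder\.gov\.bc\.ca(?::443)?")),
    ("ocp4-external", re.compile(r"(?:https://)?" + re.escape(EXTERNAL) + r"(?::443)?")),
    # Heuristic (assumption): any bare IPv4 address on port 5000 is a registry IP.
    ("registry-ip", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}:5000\b")),
]


def scan_manifest(text):
    """Return (line_number, kind, matched_text) for each stale registry reference."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for match in pattern.finditer(line):
                findings.append((number, kind, match.group(0)))
    return findings


def rewrite_manifest(text):
    """Replace every flagged reference with the OCP4 internal registry name."""
    for _, pattern in PATTERNS:
        text = pattern.sub(INTERNAL, text)
    return text


# Constructed sample manifest fragment (project and image names are made up).
SAMPLE = """\
spec:
  containers:
    - name: web
      image: docker-registry.default.svc:5000/myproject/web:latest
    - name: worker
      image: 172.50.0.2:5000/myproject/worker:1.2
    - name: api
      image: image-registry.apps.silver.devops.gov.bc.ca/myproject/api:dev
    - name: ok
      image: image-registry.openshift-image-registry.svc:5000/myproject/ok:dev
"""

if __name__ == "__main__":
    for number, kind, found in scan_manifest(SAMPLE):
        print(f"line {number}: {kind}: {found}")
```

Pipeline steps that run outside the cluster are the opposite case: there the external name is the correct one, so the rewrite should not be applied to them.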