This is a cache of https://docs.openshift.com/enterprise/3.0/architecture/infrastructure_components/image_registry.html. It is a snapshot of the page at 2025-01-19T04:34:15.685+0000.
Image <strong>registry</strong> - Infrastructure Components | Architecture | OpenShift Enterprise 3.0
×

Overview

OpenShift can utilize any server implementing the Docker registry API as a source of images, including the canonical Docker Hub, private registries run by third parties, and the integrated OpenShift registry.

Integrated OpenShift registry

OpenShift provides an integrated Docker registry that adds the ability to provision new image repositories on the fly. This allows users to automatically have a place for their builds to push the resulting images.

Whenever a new image is pushed to the integrated registry, the registry notifies OpenShift about the new image, passing along all the information about it, such as the namespace, name, and image metadata. Different pieces of OpenShift react to new images, creating new builds and deployments.

Third Party Registries

OpenShift can create containers using images from third party registries, but it is unlikely that these registries offer the same image notification support as the integrated OpenShift registry. In this situation OpenShift will fetch tags from the remote registry upon imagestream creation. Refreshing the fetched tags is as simple as running oc import-image <stream>. When new images are detected, the previously-described build and deployment reactions occur.

To create an image stream from an external registry, set the spec.dockerImageRepository field appropriately. For example:

{
  "apiVersion": "v1",
  "kind": "ImageStream",
  "metadata": {
    "name": "ruby"
  },
  "spec": {
    "dockerImageRepository": "openshift/ruby-20-centos7"
  }
}

After OpenShift synchronizes the tag and image metadata, it looks something like this:

{
  "kind": "ImageStream",
  "apiVersion": "v1",
  "metadata": {
    "name": "ruby",
    "namespace": "default",
    "selfLink": "/osapi/v1/namespaces/default/imagestreams/ruby",
    "uid": "9990ea5f-f35a-11e4-937e-001c422dcd49",
    "resourceVersion": "53",
    "creationTimestamp": "2015-05-05T19:11:57Z",
    "annotations": {
      "openshift.io/image.dockerRepositoryCheck": "2015-05-05T19:12:00Z"
    }
  },
  "spec": {
    "dockerImageRepository": "openshift/ruby-20-centos7"
  },
  "status": {
    "dockerImageRepository": "openshift/ruby-20-centos7",
    "tags": [
      {
        "tag": "latest",
        "items": [
          {
            "created": "2015-05-05T19:11:58Z",
            "dockerImageReference": "openshift/ruby-20-centos7:latest",
            "image": "94439378e4546d72ef221c47fe2ac30065bcc3a98c25bc51bed77ec00efabb95"
          }
        ]
      },
      {
        "tag": "v0.4",
        "items": [
          {
            "created": "2015-05-05T19:11:59Z",
            "dockerImageReference": "openshift/ruby-20-centos7:v0.4",
            "image": "c7dbf059225847a7bfb4f40bc335ad7e70defc913de1a28aabea3a2072844a3f"
          }
        ]
      }
    ]
  }
}

Querying external registries to synchronize tag and image metadata is not currently an automated process. To resynchronize manually, run oc import-image <stream>. Within a short amount of time, OpenShift will communicate with the external registry to get up to date information about the Docker image repository associated with the image stream.

Authentication

OpenShift can communicate with registries to access private image repositories using credentials supplied by the user. This allows OpenShift to push and pull images to and from private repositories. The Authentication topic has more information.