This is a cache of https://docs.okd.io/3.9/architecture/infrastructure_components/image_registry.html. It is a snapshot of the page at 2024-11-25T04:03:53.343+0000.
Container Registry - Infrastructure Components | Architecture | OKD 3.9
×

Overview

OKD can utilize any server implementing the Docker registry API as a source of images, including the Docker Hub, private registries run by third parties, and the integrated OKD registry.

Integrated OpenShift Container Registry

OKD provides an integrated container registry called OpenShift Container Registry (OCR) that adds the ability to automatically provision new image repositories on demand. This provides users with a built-in location for their application builds to push the resulting images.

Whenever a new image is pushed to OCR, the registry notifies OKD about the new image, passing along all the information about it, such as the namespace, name, and image metadata. Different pieces of OKD react to new images, creating new builds and deployments.

OCR can also be deployed as a stand-alone component that acts solely as a container registry, without the build and deployment integration. See Installing a Stand-alone deployment of OpenShift Container Registry for details.

Third Party Registries

OKD can create containers using images from third party registries, but it is unlikely that these registries offer the same image notification support as the integrated OKD registry. In this situation OKD will fetch tags from the remote registry upon imagestream creation. Refreshing the fetched tags is as simple as running oc import-image <stream>. When new images are detected, the previously-described build and deployment reactions occur.

Authentication

OKD can communicate with registries to access private image repositories using credentials supplied by the user. This allows OpenShift to push and pull images to and from private repositories. The Authentication topic has more information.