Search

Chapter 2. Authenticating with the Red Hat Container Catalog

download PDF

The Red Hat Container Catalog, registry.redhat.io, requires authentication to access JBoss Data Grid for OpenShift images and resources.

You can use the following authentication mechanisms:

Credentials
The username and password for your Red Hat customer account. These credentials let you pull resources from registry.redhat.io from a single host with the docker login command. You can also use these credentials to create service accounts and generate authentication tokens.
Registry Service Account Token

A randomly generated string that you use to authenticate multiple systems.

From a high level, do the following to get an authentication token:

  1. Log in to registry.redhat.io.
  2. Create a new Registry Service Account if necessary.
  3. Generate tokens as required.

2.1. Setting Up Authentication with Service Account Tokens

After you generate a service account token, do the following to set up authentication:

  1. Navigate to your registry service account.
  2. Select the Docker Login tab and copy the command.
  3. Run the docker login command on each host system that pulls from registry.redhat.io.
  4. Verify the token is added to the Docker configuration file.

    $ cat ~/.docker/config.json
    ...
    "registry.redhat.io": {
    			"auth": "MTEwMDkx..."
    		}

2.1.1. Adding Tokens to Pull Secrets

To pull secured container images that are not available on the internal registry for OpenShift Container Platform, create a pull secret from your Docker configuration file and add it to your service account as follows:

  1. Log in to OpenShift.

    $ oc login -u username -p password
  2. Select your working project.

    $ oc project myproject
  3. Create the pull secret.

    $ oc create secret generic pull-secret-name \
      --from-file=.dockerconfigjson=path/to/.docker/config.json \
      --type=kubernetes.io/dockerconfigjson
  4. Link the pull secret to your service account. This step lets you pull images from the secure registry to the pod.

    $ oc secrets link default pull-secret-name --for=pull
  5. Mount the secret in the pod so that you can pull build images.

    $ oc secrets link builder pull-secret-name

For more information, including troubleshooting procedures, see Red Hat Container Registry Authentication.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.