Red Hat Summitこのコンテンツは選択した言語では利用できません。
Chapter 2. Authenticating with the Red Hat Container Catalog
The Red Hat Container Catalog, registry.redhat.io, requires authentication to access JBoss Data Grid for OpenShift images and resources.
You can use the following authentication mechanisms:
- Credentials
-
The username and password for your Red Hat customer account. These credentials let you pull resources from registry.redhat.io from a single host with the
docker logincommand. You can also use these credentials to create service accounts and generate authentication tokens. - Registry Service Account Token
A randomly generated string that you use to authenticate multiple systems.
From a high level, do the following to get an authentication token:
- Log in to registry.redhat.io.
- Create a new Registry Service Account if necessary.
- Generate tokens as required.
2.1. Setting Up Authentication with Service Account Tokens
After you generate a service account token, do the following to set up authentication:
- Navigate to your registry service account.
- Select the Docker Login tab and copy the command.
-
Run the
docker logincommand on each host system that pulls from registry.redhat.io. Verify the token is added to the Docker configuration file.
cat ~/.docker/config.json ... "registry.redhat.io": { "auth": "MTEwMDkx..." }$ cat ~/.docker/config.json ... "registry.redhat.io": { "auth": "MTEwMDkx..." }Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.1.1. Adding Tokens to Pull Secrets
To pull secured container images that are not available on the internal registry for OpenShift Container Platform, create a pull secret from your Docker configuration file and add it to your service account as follows:
Log in to OpenShift.
oc login -u username -p password
$ oc login -u username -p passwordCopy to Clipboard Copied! Toggle word wrap Toggle overflow Select your working project.
oc project myproject
$ oc project myprojectCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create the pull secret.
oc create secret generic pull-secret-name \ --from-file=.dockerconfigjson=path/to/.docker/config.json \ --type=kubernetes.io/dockerconfigjson
$ oc create secret generic pull-secret-name \ --from-file=.dockerconfigjson=path/to/.docker/config.json \ --type=kubernetes.io/dockerconfigjsonCopy to Clipboard Copied! Toggle word wrap Toggle overflow Link the pull secret to your service account. This step lets you pull images from the secure registry to the pod.
oc secrets link default pull-secret-name --for=pull
$ oc secrets link default pull-secret-name --for=pullCopy to Clipboard Copied! Toggle word wrap Toggle overflow Mount the secret in the pod so that you can pull build images.
oc secrets link builder pull-secret-name
$ oc secrets link builder pull-secret-nameCopy to Clipboard Copied! Toggle word wrap Toggle overflow
For more information, including troubleshooting procedures, see Red Hat Container Registry Authentication.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}