Using Rahti 2 integrated registry

Manual Image Caching

It is possible to manually cache images in Rahti 2. This could be useful to remove an external dependency or improve performance.

The process is simple:

1. Install and login with OC.

2. With a terminal, connect to the Rahti 2 registry:

   docker login -p $(oc whoami -t ) -u unused image-registry.apps.2.rahti.csc.fi
   

   Info

   If you get any error, make sure you are logged in. If you run oc whoami, the command should return your username.

3. Tag the image you want to push:

   docker tag centos:7 image-registry.apps.2.rahti.csc.fi/{YOUR_PROJECT_NAME}/centos:<tag>
   

   Replace {YOUR_PROJECT_NAME} by the name of your project.

4. Push your image:

   docker push image-registry.apps.2.rahti.csc.fi/{YOUR_PROJECT_NAME}/centos:<tag>
   

You should be able to see your images in your project:

Using Manually Cached Images

Go to your project's deployment, and edit it.

Go to the Images section, make sure the option "Deploy images from an image stream tag" is clicked. Finally select the new image.

Access Control for the Rahti 2 Integrated Registry

Rahti 2 allows fine-grained control over access to the integrated image registry, enabling management of access based on user authentication.

1. Anonymous Access (system:anonymous)

This refers to users who access the registry without providing any authentication credentials. In this scenario, they have no identity attached to their requests.

• How to enable: Use the following command to allow anonymous users to pull images from your project's registry:

  oc policy add-role-to-user registry-viewer system:anonymous -n <project>
  

• Use case: Suitable for cases where you want to make images publicly accessible, allowing anyone to view or pull images without logging in.

2. Unauthenticated Access (system:unauthenticated)

This group includes all users who are accessing the system without valid authentication credentials, including anonymous users but potentially also used automated systems, scripts or external services that do not need to be authenticate.

• How to enable: Grant unauthenticated users access with the command:

  oc policy add-role-to-user registry-viewer system:unauthenticated -n <project>
  

• Use case: This is broader than system:anonymous and is useful for systems or services to access your registry without authentication.

3. Authenticated Access (system:authenticated)

Authenticated users are those who have successfully logged in using valid credentials (e.g., OAuth tokens).

• How to enable: To allow all authenticated users to access the registry:

  oc policy add-role-to-user registry-viewer system:authenticated -n <project>
  

• Use case: This allows any user with valid credentials to view or pull images, useful for restricting access.

Guide on Pulling Images from Rahti 1 Registry

To securely pull images from Rahti 1 registry to Rahti 2, follow this guide. It also explains how to convert images using Skopeo for compatibility with future releases.

Do you find this page useful?

Yes

Thank you for your feedback!

No

Thank you! Your feedback is appreciated.

Please let us know how we could improve this page by contacting us or by creating an issue in GitHub. You can also edit this page yourself and contribute your improvements by creating a pull request.