Use the following sections for instructions on accessing the registry, including viewing logs and metrics, as well as securing and exposing the registry.
You can access the registry directly to invoke podman commands. This allows
you to push images to or pull them from the integrated registry directly using
operations like podman push or podman pull. To do so, you must be logged in
to the registry using the podman login command. The operations you can perform
depend on your user permissions, as described in the following sections.
-
You have access to the cluster as a user with the
cluster-adminrole. -
You must have configured an identity provider (IDP).
-
For pulling images, for example when using the
podman pullcommand, the user must have theregistry-viewerrole. To add this role, run the following command:$ oc policy add-role-to-user registry-viewer <user_name> -
For writing or pushing images, for example when using the
podman pushcommand:-
The user must have the
registry-editorrole. To add this role, run the following command:$ oc policy add-role-to-user registry-editor <user_name> -
Your cluster must have an existing project where the images can be pushed to.
-
-
For more information on allowing pods in a project to reference images in another project, see Allowing pods to reference images across projects.
-
A
kubeadmincan access the registry until deleted. See Removing the kubeadmin user for more information. -
For more information on configuring an identity provider, see Understanding identity provider configuration.