Red Hat Container Registry Authentication
Red Hat distributes container images from two locations: registry.access.redhat.com (no authentication needed) and registry.redhat.io (authentication required). Container images from third party vendors are available from registry.connect.redhat.com. This article describes how you can:
- Use registry.access.redhat.com, with no authentication required.
- Learn about how authentication works with registry.redhat.io.
- Create a registry Service Account for use on shared systems.
Red Hat Registries
Red Hat distributes container images through three different container registries:
Registry | Content | Supports unauthenticated access | Supports Red Hat login | Supports registry tokens |
---|---|---|---|---|
registry.access.redhat.com | Red Hat products | Yes | No | No |
registry.redhat.io | Red Hat products | No | Yes | Yes |
registry.connect.redhat.com | Third-party products | No | Yes | Yes |
Although both registry.access.redhat.com and registry.redhat.io hold essentially the same container images, some images require an active Red Hat account and are only available from registry.redhat.io.
Getting a Red Hat Login
To use the registry.redhat.io registry, you have to have a Red Hat login. If you are a customer with entitlements to Red Hat products, you already have an account. This is the same type of account that you use to log into the Red Hat Customer Portal (access.redhat.com) and manage your Red Hat subscriptions.
If you do not have a Red Hat account, you can get a free Red Hat account by signing up for one of the following:
- Red Hat Developer Program: Signing up for a free developer account gives you access to developer tools and programs.
- 30-day Trial Subscription: Signing up for a 30-day trial subscription gives you access to selected Red Hat software products.
Once you agree to the terms and get a Red Hat account, you can use that account to log into the new Red Hat registry and get images. Keep in mind that you would still need entitlements from Red Hat to add or update RPM packages while building or updating an image using yum.
Using Authentication
To retrieve content from an authenticated registry, you will need to log into the registry using either your Customer Portal, Red Hat Developer, or Registry Service Account credentials.
Note: before pulling images from within a Red Hat OpenShift Container Platform cluster, check that the current pull secret is valid. Refer to Manual podman pull fails within OCP 4 nodes to check that the credentials in the pull secret are valid, and if needed, change the global pull secret.
To log in to the registry.redhat.io registry, you can use the podman login, skopeo login, or buildah login commands. You can replace any docker command examples used throughout this article with the podman command. From OpenShift, Satellite, or other shared environments, you must use Service Accounts for authentication.
To use Podman to authenticate to registry.redhat.io:
# podman login registry.redhat.io
Username: myrhusername
Password: ***********
To use Skopeo to authenticate to registry.redhat.io:
# skopeo login registry.redhat.io
Username: myrhusername
Password: ***********
To use the docker login command to authenticate to registry.redhat.io:
# docker login https://registry.redhat.io
Username: myrhusername
Password: ***********
You can pull the image from the registry.redhat.io registry as follows:
Using the Skopeo command:
skopeo copy docker://registry.redhat.io/rhel8/pcp containers-storage:registry.redhat.io/rhel8/pcp
Using the Podman command:
# podman pull registry.redhat.io/rhel8/rsyslog
Username: myrhusername
Password: xxxxxxxxxxx
When you log into the registry, your credentials are stored in your ${XDG_RUNTIME_DIR}/containers/auth.json file. Those credentials are used automatically the next time you pull from that registry. Here is an example of that file:
{
    "auths": {
        "https://registry.redhat.io": {
            "auth": "c2xmams6c2RmbGtq"
        }
    }
}
For other ways to save these credentials, see the config.json description on the docker login page.
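The auth value in that file is only the base64 encoding of username:password, so anyone who can read the file can recover the credentials. The following check is an added example, not part of the original article or of any Red Hat tool: it audits a credentials file for loose permissions and for personal logins where a service account is expected. It assumes service account usernames contain a "|", as the article describes later; the sample file it builds is constructed.

```python
import base64
import binascii
import json
import os
import stat
import tempfile


def decode_auth(value):
    """Split a base64 "user:password" auth value; it is encoded, not encrypted."""
    try:
        raw = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("auth value is not base64-encoded text") from exc
    username, sep, password = raw.partition(":")  # the password may contain ':'
    if not sep:
        raise ValueError("decoded auth value has no user:password separator")
    return username, password


def audit_auth_file(path):
    """Report who is logged in to which registry, without returning passwords."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {"mode": mode, "others_can_access": bool(mode & 0o077),
              "entries": [], "errors": []}
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    for registry, entry in sorted(config.get("auths", {}).items()):
        auth = entry.get("auth")
        if not auth:
            # Nothing stored inline, e.g. a credential helper holds the secret.
            continue
        try:
            username, _password = decode_auth(auth)
        except ValueError as exc:
            report["errors"].append(f"{registry}: {exc}")
            continue
        report["entries"].append({
            "registry": registry,
            "username": username,
            # Assumption from the article: service account usernames
            # look like "XXXXXXX|username".
            "service_account": "|" in username,
        })
    return report


def demo():
    """Audit a constructed auth.json written to a temporary directory."""
    token = base64.b64encode(b"1234567|ci-cluster:constructed-token").decode()
    sample = {"auths": {
        # Value copied from the article's example file.
        "https://registry.redhat.io": {"auth": "c2xmams6c2RmbGtq"},
        # Constructed service account entry.
        "registry.connect.redhat.com": {"auth": token},
        # Constructed malformed entry.
        "registry.example.test": {"auth": "not base64!"},
    }}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "auth.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # deliberately too open for the demo
        return audit_auth_file(path)


if __name__ == "__main__":
    result = demo()
    print(f"file mode {result['mode']:04o}, "
          f"accessible by group/other: {result['others_can_access']}")
    for e in result["entries"]:
        kind = "service account" if e["service_account"] else "personal login"
        print(f"{e['registry']}: {e['username']} ({kind})")
    for err in result["errors"]:
        print("error:", err)
```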
For OpenShift 3.x nodes you will have an additional step. After you log in, you will need to copy ~/.docker/config.json to /var/lib/origin/.docker/config.json and restart the node.
# cp ~/.docker/config.json /var/lib/origin/.docker/config.json; systemctl restart atomic-openshift-node
Registry Service Accounts for Shared Environments
To consume container images from registry.redhat.io in shared environments such as OpenShift, it is recommended for an administrator to use a Registry Service Account, also referred to as authentication tokens, in place of an individual's Customer Portal credentials.
Service Accounts are a mechanism provided to a Customer Portal organization, used exclusively for authenticating to and retrieving content from registry.redhat.io. The use of Service Accounts is encouraged to prevent the need to use Customer Portal credentials on shared systems. In contrast to Customer Portal accounts, Registry Service Accounts are resilient to some security controls applied to Customer Portal accounts, such as mandated password resets. Once created, Registry Service Accounts do not expire and are active until removed.
The management of Service Accounts is available via the Registry Service Account management application. You have the freedom to decide how many Service Accounts are created and how they are used on your systems. As a guideline, you may opt to use one Service Account per shared system (such as an OpenShift Container Platform cluster).
Managing Registry Service Accounts
Within the application for Service Account Management, there is a simple approach to split authorization for management of tokens. The ability to create, modify, or remove Service Accounts is defined by whether a Customer Portal login has the Organization Administrator role assigned.
Customer Portal Organization Administrators can:
- View all Registry Service Accounts created for an organization.
- Create Registry Service Accounts.
- Modify or remove any Registry Service Accounts.
Customer Portal Users (non-organization Admins) can:
- View all Registry Service Accounts for an organization.
- Create Registry Service Accounts.
- Only modify or remove Registry Service Accounts they have created.
Regardless of which user creates a Service Account, the account can be viewed by other Customer Portal users within the same organization. There is no functionality to conceal a Service Account and its associated credentials from being viewed by others within the organization.
Creating Registry Service Accounts
Navigate to the Registry Service Account Management Application, and log in if necessary.
- From the Registry Service Accounts page, click the New Service Account button.
- Provide a name for the Service Account. It will be prepended with a fixed, random string.
- Enter a description.
- Click create.
- Navigate back to your Service Accounts.
- Click the Service Account you created.
- Note the username, including the prepended string (i.e. XXXXXXX|username). This is the username which should be used to login to registry.redhat.io.
- Note the password. This is the password which should be used to login to registry.redhat.io.
There are tabs available within the Token Information page which offer guidance on how to use the authentication token for various scenarios. For example, the Docker Login tab demonstrates how the token can be used with the docker CLI.
Modifying Authentication Tokens
As with Service Account creation, accounts can be modified or deleted as part of the functionality provided by the management application. These can each be invoked from the Registry Service Accounts page using the pop-up menu to the right of each authentication token. Each function is described as follows:
- Regenerate token: Allows an authorized user to reset the password associated with the Service Account. The username for the Service Account does not change.
- Update Description: Allows an authorized user to update the description for the Service Account.
- Delete Account: Allows an authorized user to remove the Service Account.
Warning: The regeneration or removal of Service Accounts will impact any systems which may be using the token to authenticate and retrieve content from registry.redhat.io.
Allowing Pods to Reference Images from Other Secured Registries
The .dockercfg file (or $HOME/.docker/config.json for newer Docker clients) is a Docker credentials file that stores your information if you have previously logged into a secured or insecure registry.
To pull a secured container image that is not from OpenShift Container Platform’s internal registry, you must create a pull secret from your Docker credentials and add it to your service account.
If you already have a .dockercfg file for the secured registry, you can create a secret from that file by running:
$ oc create secret generic <pull_secret_name> \
--from-file=.dockercfg=<path/to/.dockercfg> \
--type=kubernetes.io/dockercfg
Or if you have a $HOME/.docker/config.json file:
$ oc create secret generic <pull_secret_name> \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
If you do not already have a Docker credentials file for the secured registry, you can create a secret by running:
$ oc create secret docker-registry <pull_secret_name> \
--docker-server=<registry_server> \
--docker-username=<user_name> \
--docker-password=<password> \
--docker-email=<email>
To use a secret for pulling images for pods, you must add the secret to your service account. The name of the service account in this example should match the name of the service account the pod uses; default is the default service account:
$ oc secrets link default <pull_secret_name> --for=pull
To use a secret for pushing and pulling build images, the secret must be mountable inside of a pod. You can do this by running:
$ oc secrets link builder <pull_secret_name>
For builds, you must also reference the secret as the pull secret from within your build configuration.
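Creating the secret with --from-file stores the whole credentials file in the cluster, including entries for any other registries you have logged into. The following added example (not part of the original article; the function names and sample values are constructed for illustration) writes a copy that holds only the entry for one registry, with mode 0600, which can then be passed as the .dockerconfigjson file.

```python
import base64
import json
import os
import stat
import tempfile


def registry_host(key):
    """Reduce an auths key such as "https://registry.redhat.io/v2/" to host[:port]."""
    return key.split("://", 1)[-1].split("/", 1)[0].lower()


def minimal_dockerconfig(config, registry):
    """Return a config holding only the inline credentials for one registry."""
    wanted = registry_host(registry)
    auths = {key: {"auth": entry["auth"]}
             for key, entry in config.get("auths", {}).items()
             if registry_host(key) == wanted and entry.get("auth")}
    if not auths:
        # Either never logged in, or the secret lives in a credential helper.
        raise KeyError(f"no inline credentials for {wanted}")
    return {"auths": auths}


def write_private(path, config):
    """Write the file with mode 0600; refuse to reuse an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(config, fh)


def demo():
    """Filter a constructed config.json down to registry.redhat.io and save it."""
    def enc(pair):
        return base64.b64encode(pair.encode()).decode()

    config = {"auths": {  # every value below is constructed sample data
        "https://registry.redhat.io": {
            "auth": enc("1234567|ocp-cluster:constructed-token")},
        "quay.io": {"auth": enc("someone:constructed-password")},
        "registry.example.test:5000": {"auth": enc("admin:constructed-password")},
    }}
    minimal = minimal_dockerconfig(config, "registry.redhat.io")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pull-secret.json")
        write_private(path, minimal)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            saved = json.load(fh)
    return {"registries": sorted(saved["auths"]), "mode": mode}


if __name__ == "__main__":
    print(demo())
```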
Learning More About Red Hat Registry
Here are a few other resources to help you get started with registry.redhat.io:
- Troubleshooting: If you are in a security-hardened environment, you may need to make internal changes to whitelist registry.redhat.io on proxies. You can follow the Troubleshooting Authentication Issues with registry.redhat.io article to verify connectivity with registry.redhat.io.
- Where to get further help: If you need further help, open a support ticket for your product through the Red Hat Customer Portal.
59 Comments
Broken link: "Red Hat Developer Program: Signing up for a free developer account gives you access to developer tools and programs." points to https://access.redhat.com/developers.redhat.com which is giving a 404
Thanks for pointing that out, Aurélien. I fixed the link. It should have been https://developers.redhat.com.
Hello! Great note, I came here because my CDK 3.7.01 did not download the images. I've created the account on config.json by authenticating with docker login, then I created the secret on the openshift project, and then I imported the images, here some notes:
this allowed me to import the images just for the selected imagestream for rh-sso 7.2
Is there a way to get registry.redhat.io catalog as you could do with a private docker registry by command to API?
Example:
Regards
For the step to apply config.json to OpenShift nodes, the command syntax was incorrect.
should be this instead:
Thanks for making that change, Kevin. I published it.
When creating shared registry tokens,
1) The web site says you can use underscores in the name, but it will not validate. 2) Using uppercase letters in the name will cause the returned secret to be invalid, since the secret name is required to be DNS compliant. You need to edit the yaml in order to set the name lowercase.
Hi, I am using minishift on my Windows laptop. I tried to import images from Red Hat registry with following command,
$ minishift addons apply xpaas
However I get following error while browsing through the image list,
Internal error occurred: Get https://registry.redhat.io/v2/fuse7/fuse-console/manifests/1.0: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/articles/3399531. Timestamp: 2019-07-24T15:13:41Z Error count: 2
Appreciate if you could help me resolve this.
Thanks, Pravin
I created a draft for this: https://access.redhat.com/node/3399531/draft Tried to make the procedure look more explicit
Those changes look good Michal, so I published them. In the old days, we used to mark commands in bold, to make it clearer when a # was a prompt and not indicating a comment. It's good to remind people every once in a while that # means a command run by the superuser and # in a file is a comment.
I'm not able to log in using my username and password. From docker:
Trying with curl -Lv -u : "https://sso.redhat.com/auth/realms/rhcc/protocol/redhat-docker-v2/auth?service=docker-registry&client_id=curl&scope=repository:rhel:pull" :
But when I've created Registry Service Account I'm able to login using the token. Is this normal behavior?
Hi Artur, AFAIK, is not a normal behavior, you should be able to login using also your Customer Portal credentials if you have any subscription, can you please try the following command instead of docker login?
Best Regards.
Don't know why after I've changed password everything works fine.
Difficult to know, maybe some sync issue. Anyway, I'm glad you could solve it.
Regards.
Hello All,
I cannot see anything when I look at https://access.redhat.com/terms-based-registry/. I am logged in with my partner account. I will also raise a support call. I just see the rotating circle any ideas before I raise a support call? I have accepted the terms of the developer network.
Any help much appreciated,
Kevin.
Hi, Am working on mirror registry as part of Air-gap installation of our product, I am following this link. "https://docs.openshift.com/container-platform/4.2/installing/install_config/installing-restricted-networks-preparations.html#installation-restricted-network-samples_installing-restricted-networks-preparations" as part of it , am facing an issue while executing second command i.e. "oc image mirror registry.redhat.io/rhscl/ruby-25-rhel7:latest ip-10-0-3-204.us-east-2.compute.internal:5000/rhscl/ruby-25-rhel7:latest"
And the error is : "error: unable to retrieve source image registry.redhat.io/rhscl/ruby-25-rhel7 by tag latest: Head https://registry.redhat.io/v2/rhscl/ruby-25-rhel7/manifests/latest: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/RegistryAuthentication error: an error occurred during planning"
Can any one please help me out of this issue. Thanks.
Hi Vamshidhar,
Please note that Using Samples Operator imagestreams with alternate or mirrored registries step is what we call a second-day operation that has to be performed once the cluster has been installed and you are logged in as cluster-admin.
If needed, you can also locally test that image with your registry.redhat.io credentials as follows:
NOTE: If more help is needed, please create a support case and we'll properly guide you with the troubleshooting over there.
Best Regards.
Thanks for your response @Pedro Jose Amoedo Martinez. But have some doubts regarding your response. Please let me know the answers of these following questions: I am executing these steps in mirror registry where the Openshift is yet to install and only oc cli is installed in it. Am I executing in correct place or not Cluster means Openshift 4.3 cluster or the linux machine with mirror registry and oc cli installed in it?
Thanks.
where exactly I need to install these commands?
Hi Vamshidhar, that's exactly what I thought, you are trying to execute a post-installation step within your mirror registry host, but that optional step for samples operator imagestreams is to be run after the cluster is properly installed, in your case it should be sufficient with the previous step Mirroring the OpenShift Container Platform image repository to proceed with the installation.
Best Regards.
got it. Thanks Pedro Jose Amoedo Martinez.
Hi Pedro, How are you? Expecting a small favour from you in the form of your response. Here is the issue description: While I am trying to execute this command "oc adm -a ${LOCAL_SECRET_JSON} release mirror \ --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE} \ --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \ --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}" to mirror the repository, following this link "https://docs.openshift.com/container-platform/4.3/installing/install_config/installing-restricted-networks-preparations.html#installation-mirror-repository_installing-restricted-networks-preparations"
But am facing this issue.
Can anyone help me out with this issue?
Hi Vamshidhar, I must insist that you raise a support case for this. This is not the proper place for this type of troubleshooting, nor for posting such a long command output. Thanks for your understanding.
Best Regards.
AWS restricted network cluster setup - CSR issue ( oc get csr not displaying anything after adding worker machines ). Do I need to open any ports for outbound access?
I'm using Openshift 4.3.12
I'm trying to set up an OpenShift cluster in AWS with a restricted network. I'm using user-provisioned infrastructure and following this link: https://docs.openshift.com/container-platform/4.3/installing/installing_aws/installing-restricted-networks-aws.html
I'm setting up an AWS restricted network cluster. I have a VPC with a public and a private subnet. In the public subnet I configured the mirror registry and in private registry I configured my OpenShift cluster. The VPC has an "internet gateway attached". As this is a restricted AWS cluster install, in the private subnet where my OpenShift cluster is configured I removed outbound access and added rules to limit all traffic for the public and private subnet CIDR range using the private subnet Network ACL.
After adding worker machines, I executed the command "oc get csr" and I couldn't see any pending CSR requests; it's empty. Then I added a rule in my private subnet Network ACL to allow all traffic to 0.0.0.0/0, and then I was able to see all pending CSR requests.
kube-controller-manager only approves the kubelet client CSRs, so why does it require opening all traffic to everyone?
As I don't want to open all traffic, are there any specific ports I need to open to a specific IP range for the pending CSR requests?
If this is not the proper place to post this question, can you please let me know where to post it?
Hi Shashidhar, please raise a support case and we'll be glad to help you with the troubleshooting over there. This is not the proper place for that. Thanks for your understanding.
Best Regards.
Hi, while I am trying to execute this command
"oc adm -a ${LOCAL_SECRET_JSON} release mirror \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE} \
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}"
to mirror the repository, following this link "https://docs.openshift.com/container-platform/4.3/installing/install_config/installing-restricted-networks-preparations.html#installation-mirror-repository_installing-restricted-networks-preparations"
But am facing this issue. "
phase 0: ip-172-31-44-157.us-east-2.compute.internal:5000 ocp4/openshift4 blobs=215 mounts=0 manifests=103 shared=5
ip-172-31-44-157.us-east-2.compute.internal:5000/ocp4/openshift4: unauthorized: authentication required "
Can anyone help me out with this issue?
In section "Registry Service Accounts for Shared Environments" there's a paragraph starting with:
"The management of Service Accounts is available via the Registry Service Account management application, also accessible by the Service Accounts link on the main page of the Red Hat Container Catalog."
Statement seems wrong, there is no such link "Service Accounts" on the Red Hat Container Catalog main page. (The page I'm redirected to is https://catalog.redhat.com/software/containers/explore .)
Hi Tomas, you are right, that link is no longer working as expected, however, the same paragraph also mentions the following:
"The management of Service Accounts is available via the Registry Service Account management application"
That management application link should properly redirect you to https://access.redhat.com/terms-based-registry/ where you can properly manage the "Service Accounts", can you please confirm?
Best Regards.
Yes, I can confirm. For some reason I got fixated on going to the Container Catalog first :). Looks OK.
Perfect, thanks for the confirmation.
If you are using dockerStrategy and need to use registry.redhat.io you can add the pull secret in the build.
Hi, please take a look:
Case 1: OpenShift 4.3
This command works only if I put the secret in the namespace:
./oc import-image test01:latest --from=registry.redhat.io/rhscl/redis-5-rhel7:latest --confirm -n maraco
If there is no secret, this message will output:
If I understood correctly, the other option to be able to put images from registry.redhat.io was to copy the credentials in "/var/lib/origin/.docker/config.json" on all worker nodes. The thing is, I can't find this file on masters or workers. Should I create this file manually?
Case 2: OpenShift 4.5
The same command works all the time on any namespace, no secret or anything required:
./oc import-image test01:latest --from=registry.redhat.io/rhscl/redis-5-rhel7:latest --confirm -n maraco
Why is this working?
Thanks a lot.
Hi Miguel, it is a new feature included in 4.5; here you have the release note about it.
Best Regards.
Thanks a lot.
Hello team! is there some kind of a rate limiting for the docker pulls that we do from registry.redhat.io?
I verified with the team that runs registry.redhat.io (as well as quay.io). There are no rate limits on any Red Hat registries. All images are pulled through Content Delivery Networks so they should be very quick and there are no rate limits.
Can we have documented on here the URL where one can go to for a status of these repos? At the moment I'm getting the following error and I want to go see if registry.access.redhat.com is down (i.e. I want to know if the problem is on my end or if the problem is the backend and I just have to wait for the infrastructure to be fixed):
STEP 1: FROM registry.access.redhat.com/ubi8-minimal
Getting image source signatures
Error: error creating build container: Error reading signatures: Get "https://access.redhat.com/webassets/docker/content/sigstore/ubi8-minimal@sha256=0ccb9988abbc72d383258d58a7f519a10b637d472f28fbca6eb5fab79ba82a6b/signature-2": net/http: TLS handshake timeout
Hello John,
Red Hat has a global status page for all its services here: https://status.redhat.com, you can check it.
A fourth Red Hat registry is also used in OpenShift: MarketPlace (registry.marketplace.redhat.com). Should it be added to the above table? I assume it shares the same column values as "Third-party products", but it'd be interesting to know if there's any technical difference between them. br Jens
For anyone looking why the secret created from this article's section does not work for registry.connect.redhat.com, it is because the pull secret from "Registry Service Accounts" page only includes an auth for registry.redhat.io.
Grabbing the pull secret from console.redhat.com instead includes all three of the registries mentioned in this article.
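A way to check which registries a pull secret actually covers before using it, as an added example that is not part of the original comments or of Red Hat's tooling. It assumes the usual `{"auths": {host: {"auth": base64("user:password")}}}` layout; the function names, the default list of required registries (the two that need authentication in the article's table) and the sample secrets are constructed for illustration.

```python
import base64
import binascii
import json

# Assumption: the registries that need credentials, per the article's table.
REQUIRED_REGISTRIES = ("registry.redhat.io", "registry.connect.redhat.com")


def _normalize(key):
    """Reduce an auths key such as 'https://host/v2/' to a bare 'host[:port]'."""
    key = key.strip()
    if "://" in key:
        key = key.split("://", 1)[1]
    return key.split("/", 1)[0].lower()


def _entry_problem(entry):
    """Return None if the entry holds usable credentials, else a short reason."""
    if not isinstance(entry, dict):
        return "entry is not an object"
    auth = entry.get("auth")
    if not auth:
        return "no 'auth' field"
    try:
        decoded = base64.b64decode(auth, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "'auth' is not valid base64 text"
    user, sep, password = decoded.partition(":")
    if not sep or not user or not password:
        return "'auth' does not decode to user:password"
    return None


def audit_pull_secret(text, required=REQUIRED_REGISTRIES):
    """Map each required registry to 'ok', 'missing' or 'invalid: <reason>'.

    Only the verdict is returned; credentials are never returned or printed.
    """
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"pull secret is not valid JSON: {exc.msg}") from None
    auths = doc.get("auths") if isinstance(doc, dict) else None
    if not isinstance(auths, dict):
        raise ValueError("pull secret has no 'auths' object")
    by_host = {_normalize(k): v for k, v in auths.items()}
    report = {}
    for host in required:
        entry = by_host.get(host.lower())
        if entry is None:
            report[host] = "missing"
            continue
        problem = _entry_problem(entry)
        report[host] = "ok" if problem is None else f"invalid: {problem}"
    return report


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample: a secret that only carries registry.redhat.io.
SERVICE_ACCOUNT_SECRET = json.dumps(
    {"auths": {"registry.redhat.io": {"auth": _b64("example-user:constructed-token")}}}
)
# Constructed sample: a secret that carries several registries.
CONSOLE_SECRET = json.dumps(
    {
        "auths": {
            "https://registry.redhat.io/v2/": {"auth": _b64("example-user:constructed-token")},
            "registry.connect.redhat.com": {"auth": _b64("example-user:constructed-token")},
            "quay.io": {"auth": _b64("example-user:constructed-token")},
        }
    }
)

if __name__ == "__main__":
    for name, secret in (("service account", SERVICE_ACCOUNT_SECRET), ("console", CONSOLE_SECRET)):
        print(name, audit_pull_secret(secret))
```

Pass a different `required` tuple to check other hosts, for example a local mirror registry given as `host:port`.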
I have a personal Red Hat account, but when I try to log in with
podman login regisrty.redhat.io
and it asks me for user name and password, it gives me an error ???? userName or password invalid
I think this instruction is not descriptive. I don't have a podman/docker/buildah login. I tried to use my redhat.com login, but it failed because I was unauthorized. I would like to see an instruction with redhat.com login added here
If you are not using podman, buildah, or docker, then which tool are you trying to use? The credentials to log into the Red Hat registries are the same ones used to log into https://access.redhat.com.
Yeah, I thought it should be a different password. Had to dig through my saved password to make it work :)
$ docker login https://registry.redhat.io
Authenticating with existing credentials...
Login did not succeed, error: Error response from daemon: Get "https://registry.redhat.io/v2/": writing reponse to registry.redhat.io:443: parsing port : strconv.ParseInt: parsing "": invalid syntax
Which version of docker are you running? If you try
docker login registry.redhat.io
does it work properly?
Docker version 20.10.20, build 9fdeb9c.
I am getting the above error when I try docker login
What is the expiration time of a Service Account token? This is not explained here or on the generation page.
It took me 10 attempts to install Automation Hub, before I tried a refresh of the token. Now the installation finally completed.
The registry service account tokens don't have an expiration or time limit. The only case where a token is deactivated or invalid (the secret is regenerated) is when it is done administratively by us or a customer (who has authority over their own service accounts).
Hey guys, whenever I build an image using docker image build, that image looks like this: localhost/name. I need to upload it to docker hub with my username, so when I do a docker push user/image an error is shown, because the localhost user is not mine. I've already tried to change the localhost for my user like this: docker tag localhost/image:latest lamartinecezar/image:latest, but I can't, because the result is this: lcaolhost/lamartinecezar/image:latest. Consequently, I can't do the docker push, because it still recognizes my user as localhost, could you help me? I'm using RED HAT 9
can you try with the FQN: docker.io/lamartinecezar/image:latest?
What are the prerequisites for using registry.redhat.io with OpenShift? node level access?
The Pull Secret (registry token) that you are required to obtain prior to installing your OpenShift 4.x cluster[1] will grant your cluster access to the registry.redhat.io registry. Using a Red Hat login (username/password) to access registry.redhat.io is not supported for production clusters.[2]
[1] https://docs.openshift.com/container-platform/4.13/installing/installing_platform_agnostic/installing-platform-agnostic.html#installation-obtaining-installer_installing-platform-agnostic
[2] https://docs.openshift.com/container-platform/4.13/registry/index.html#registry-authentication-enabled-registry-overview_registry-overview
The problem I had was that the user who installed OCP didn't have access to the product SKU I wanted to deploy, so the solution was to replace/edit the credentials in the pull-secret in the openshift-config namespace. Posting here in case someone has a similar problem and is confused by this article (as I was).
Hello All, I'm Libin Liu from the MultiProduct Entitlement QE team. Regarding the sentence "some images that require a subscription are only available from registry.redhat.io.": AFAIK, to access content from registry.redhat.io, no subscription is required for the account to log in to registry.redhat.io. Can anyone please help explain why some images require a subscription and which specific images require a subscription to access registry.redhat.io? Thanks in advance!
Hello,
Hope my experience will help because I didn't see that in the documentation. I had to allow
.quay.io
on my proxy to access images from the Red Hat registry, because Red Hat redirects it to the URL https://cdn02.quay.io
Yeah, perhaps we should link https://access.redhat.com/articles/6999582 to this documentation, which explains the changes and additional firewall requirements related to quay.io
Or perhaps the right place is https://access.redhat.com/articles/3560571 , where the primary information about proxy\firewall is present and https://access.redhat.com/articles/6999582 should be present there i think
looks good indeed :)
I have added 6999582 there in 3560571 now and 3560571 is already linked with this KB. So hopefully that should be good enough to avoid any future problems.