Skip to main content

Setup CodeReady Containers for OpenShift 4.x with internal image registry

·3 mins

Red Hat CodeReady Containers (CrC) is a project that enables us to run a minimal OpenShift 4.x cluster on a laptop for local development. Since we’ll be frequently building Docker images while developing, we might not want to be forced to push them to Docker Hub every time in order to be able to deploy them to the local cluster: to avoid that, we can make use of OpenShift’s internal image registry.

Note: CrC cannot run on just any laptop, given its hardware requirements:

  • 4 virtual CPUs (vCPUs)
  • 9 GB of free memory
  • 35 GB of storage space

Download and install CrC #

A RedHat account is required to use CrC, so sign up here or have your existing credentials at hand (no there’s no way around it, in case you are wondering).

Download the latest release of CrC here along with its pull secret (which you’ll need in a bit).

In a terminal, run the following commands to install and start CrC:

$ crc setup
$ crc start  # provide the pull secret you just downloaded

$ crc oc-env # follow the instructions printed by this command

Note: Once the installation is finished, the Web UI will be accessible by running:

$ crc console

in your terminal. The installation creates two users: developer and kubeadmin (a regular user and an admin, respectively); their credentials can be retrieved at any time by running:

$ crc console --credentials

Gaining access to the internal image registry #

The first thing you have to do is to make the internal image registry accessible. To do so, run the following commands in your terminal:

$ oc login -u kubeadmin -p "<your_password>" https://api.crc.testing:6443
$ oc patch --patch '{"spec":{"defaultRoute":true}}' --type=merge

The internal image registry doesn’t have valid certificates, so you have to change both CrC and Docker to (selectively) allow insecure registries.

Note: According to a CRC maintainer this is actually not needed but I couldn’t get it working in any other way.

Instruct CrC to accept an insecure registry #

You can achieve this by patching the cluster configuration as follows:

$ oc patch --type=merge --patch="{\"spec\": {\"registrySources\": {\"insecureRegistries\": [\"default-route-openshift-image-registry.apps-crc.testing\" ]}}}"

Instruct Docker to accept an insecure registry #

Open Docker Desktop > Preferences > Docker Engine and add the following as top-level field in the JSON configuration, then click on Apply & Restart:

"insecure-registries": [

(Source: Test an insecure registry)

On a fresh Docker Desktop installation, the complete JSON configuration would look something like:

  "debug": true,
  "experimental": false,
  "insecure-registries": [

This configuration “lives” in ~/.docker/daemon.json.

Login to the image registry #

$ oc whoami -t | docker login -u developer --password-stdin "default-route-openshift-image-registry.apps-crc.testing"

Build your Docker image #

When building a Docker image, you have to make sure to include the internal image registry and CrC namespace in its name.

For example, if you’re using CrC’s default namespace and building version 1.2.3 of the myapp application, the commands would look like this:

$ docker build -t default-route-openshift-image-registry.apps-crc.testing/default/myapp:1.2.3 .
$ docker push default-route-openshift-image-registry.apps-crc.testing/default/myapp:1.2.3