IMPORTANT NOTE: This site is not official Red Hat documentation and is provided for informational purposes only. These guides may be experimental, proof of concept, or early adoption. Officially supported documentation is available at and

Accessing the Internal Registry from ARO

Authors: Kevin Collins, Connor Wooley
Last Editor: Dustin Scott
Published Date: 28 June 2022
Modified Date: 25 May 2023

Kevin Collins


One of the advantages of using OpenShift is the internal registry that comes with OpenShfit to build, deploy and manage container images locally. By default, access to the registry is limited to the cluster ( by design ) but can be extended to usage outside of the cluster. This guide will go through the steps required to access the OpenShift Registry on an ARO cluster outside of the cluster.


  • an ARO Cluster
  • oc cli
  • podman or docker cli

Expose the Registry

  1. Expose the registry service

    oc create route reencrypt --service=image-registry -n openshift-image-registry
  2. Annotate the route

    oc annotate route image-registry -n openshift-image-registry
  3. Get the route host name

    HOST=$(oc get route image-registry -n openshift-image-registry --template='{{ }}')
  4. Log into the image registry

    podman docker login -u $(oc whoami) -p $(oc whoami -t) $HOST

Test it out

podman pull openshift/hello-openshift

podman images

expected output

 openshift/hello-openshift                                   latest    7af3297a3fb4   4 years ago    6.09MB