Downloading images

Image registries

Red Hat distributes container images through three different container registries.

Registry	Content	Supported method(s)
registry.redhat.io	Red Hat products	registry tokens, Red Hat login
registry.access.redhat.com	Red Hat products	unauthenticated access
registry.connect.redhat.com	third-party products	registry tokens, Red Hat login

Red Hat continues to standardize on registry.redhat.io and registry.connect.redhat.com as the primary container registries for Red Hat and certified partners and will eventually decommission registry.access.redhat.com for Red Hat products. While customers can continue to use registry.access.redhat.com until it is decommissioned, it is recommended that you prepare to use registry.redhat.io.

Downloading methods

Container images from Red Hat and certified partners can be downloaded using the instructions from the "Get this image" section. Images are available through three methods.

Using service accounts and registry tokens

The use of registry tokens also referred to as authentication tokens, and service accounts are encouraged to prevent the need to use individual Red Hat logins on shared systems. Service tokens enable organizations to use static, shared secrets rather than user-based logins and are used exclusively for authenticating to and retrieving content from a Red Hat image registry. In addition, registry service accounts are resilient to some security controls applied to Customer Portal accounts, such as mandated password resets. Consequently, we recommend customers use registry tokens instead of individual Red Hat logins when consuming container images in shared environments.

Service Accounts can be managed via the Registry Service Account management application, accessible through the "Service Accounts" in the Red Hat Ecosystem Catalog. You have the freedom to decide how many Service Accounts are created and how they are used on your systems, as a guideline, you may opt to use one Service Account per shared system (such as an OpenShift Container Platform cluster).

Using Red Hat login

To download images using a Red Hat login, follow the instructions on the "Get this image" for your preferred client or scenario.

Unauthenticated

To download images without authentication, follow the instructions on the "Get this image" for your preferred client or scenario.

Red Hat continues to standardize on authenticated registries and methods for pulling product images from Red Hat and certified partners and will eventually decommission unauthenticated access for most products. While customers may continue to use an unauthenticated method until it is decommissioned, it is recommended that you prepare to use one of the authenticated methods for pulling content.

Frequently Asked Questions

How do I obtain a login to download a container image?

All Red Hat customers can download certified container images listed in the Red Hat Ecosystem Catalog. If you do not have a Red Hat login or access to registry tokens, contact your organization administrator and/or system administrator.

I was unsuccessful pulling an image after logging in. What might have happened?

In some cases, users may be denied access to certain content due to export control restrictions in force. If you are a Red Hat customer, contact Red Hat customer service.