Build process cannot pull image from the external registry which has a custom certificate

Solution Verified - Updated -

Issue

  • I cannot deploy an image because building image fails while trying to pull the image from the external registry, which has a custom certificate:

    Cloning "https://github.com/example-app" ...
    Commit: 
    Author:
    Date:
pulling image error : unknown: unable to pull manifest from docker-registry.example.com/rhscl/httpd-24-rhel7:latest: Get https://docker-registry.example.com/v2/:  x509: certificate signed by unknown authority
error: build error: unable to get docker-registry.default.svc:5000/openshift/httpd@sha256:

  • I can pull the image with docker or inspect with skopeo from the nodes, but it fails during deployment.

  • External registry CA certificate is not trusted, but I have already copied it to the master.

NOTE: For OCP4 related issues please check on this documentation.

Environment

  • Openshift Container Platform (OCP) 3.11
  • External docker registry with a custom/self-signed CA certificate

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content