The image pull secret in the namespace is not used when using an ImageContentSourcePolicy in OpenShift 4
Issue
- When using an
ImageContentSourcePolicy
, the pull secret defined in the namespace is not used. Why is that? - Can pull secrets for mirrored secure registries be configured in a project when ImageContentSourcePolicy is set in a cluster?
-
Using an
ImageContentSourcePolicy
like the following, the correct image pull secret configured in aproject
is not used to pull the image:apiVersion: operator.openshift.io/v1alpha1 kind: ImageContentSourcePolicy metadata: name: secured-registry-example spec: repositoryDigestMirrors: - mirrors: - secured-registry.example.com/another-project source: registry.example.com/some-project
-
Pulling an image from a private image registry fails with
unauthorized: authentication required
when anImageContentSourcePolicy
is used and the pull secret for the registry is in theproject
.
Environment
- Red Hat OpenShift Container Platform (RHOCP)
- 4
ImageContentSourcePolicy
(IDMS
)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.