Docker registry cannot connect to S3 storage due to x509: certificate signed by unknown authority
Issue
Configured docker registry persistent storage to use an Amazon S3 compatible endpoint, following https://docs.openshift.com/container-platform/latest/install_config/install/advanced_install.html#advanced-install-registry-storage but specifying a custom openshift_hosted_registry_storage_s3_regionendpoint. The docker registry pod deploys but is unable to connect to the endpoint due to untrusted certificate errors:
172.56.8.1 - - [14/Jun/2018:14:41:11 +0000] "POST /v2/mytest/ruby-ex/blobs/uploads/ HTTP/1.1" 500 104 "" "docker/1.13.1 go/go1.9.2 kernel/3.10.0-862.3.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(go-dockerclient)"
time="2018-06-14T14:41:11.813874015Z" level=error msg="response completed with error" err.code=unknown err.detail="s3aws: RequestError: send request failed
caused by: Put https://s3.example.com/registry/registry/docker/registry/v2/repositories/mytest/ruby-ex/_uploads/9fd2ad5b-2639-4557-b3a0-ce34d4ff75dc/startedat: x509: certificate signed by unknown authority" err.message="unknown error" go.version=go1.9.4 http.request.host="docker-registry.default.svc:5000" http.request.id=f9e00c45-d493-45ef-bbc4-ac596726a797 http.request.method=POST http.request.remoteaddr="172.56.8.1:39522" http.request.uri=/v2/mytest/ruby-ex/blobs/uploads/ http.request.useragent="docker/1.13.1 go/go1.9.2 kernel/3.10.0-862.3.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(go-dockerclient)" http.response.contenttype="application/json; charset=utf-8" http.response.duration=459.224805ms http.response.status=500 http.response.written=104 instance.id=8b028ba4-37cd-4548-bce6-95e934565039 openshift.auth.user="system:serviceaccount:mytest:builder" vars.name=mytest/ruby-ex
Environment
- Red Hat OpenShift Container Platform 3.x