Unable to pull image from external registry in OCP 3.11
Issue
- OpenShift is Using 3rd private image registry (like docker-distribution) instead of "registry.redhat.io".
- The configuration of Cert/Docker is done by following this KCS
- All nodes can use pull/push/login operations with docker-distribution.
- Can create APP via "oc new-app --docker-image=xxxx".
- Can import image from docker-distribution via "oc import-image" with no certificate error.
- Cannot create APP via default template, always faced to cert error:x509: certificate signed by unknown authority.
- By checking the event of deployment, it will always pull the image from
docker-registry.default.svc:5000
.
[deploy from template]
9s 9s 1 postgresql-1-tnfms.15673814c80338e9 Pod spec.containers{postgresql} Normal Pulling kubelet, node3.cluster.local pulling image "docker-registry.default.svc:5000/openshift/postgresql@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
9s 9s 1 postgresql-1-tnfms.15673814d65b93dd Pod spec.containers{postgresql} Warning Failed kubelet, node3.cluster.local Failed to pull image "docker-registry.default.svc:5000/openshift/postgresql@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx": rpc error: code = Unknown desc = unknown: unable to pull manifest from <hide the url of private registry>/rhscl/postgresql-94-rhel7:latest: Get https://<hide the url of private registry>/v2/: x509: certificate signed by unknown authority
Environment
- Red Hat OpenShift Container Platform 3.11
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.